diff --git a/scripts/ssl-ccs-injection.nse b/scripts/ssl-ccs-injection.nse index 73601dc47..9e677c9f5 100644 --- a/scripts/ssl-ccs-injection.nse +++ b/scripts/ssl-ccs-injection.nse @@ -120,12 +120,9 @@ local function test_ccs_injection(host, port, version) ["ciphers"] = stdnse.keys(tls.CIPHERS), ["compressors"] = {"NULL"}, ["extensions"] = { - -- Claim to support every elliptic curve + -- Claim to support common elliptic curves ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"]( - stdnse.keys(tls.ELLIPTIC_CURVES)), - -- Claim to support every EC point format - ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"]( - stdnse.keys(tls.EC_POINT_FORMATS)), + tls.DEFAULT_ELLIPTIC_CURVES), }, }) diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index 9c4be2c1b..3b51a6116 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -515,10 +515,8 @@ end local function base_extensions(host) local tlsname = tls.servername(host) return { - -- Claim to support every elliptic curve - ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](sorted_keys(tls.ELLIPTIC_CURVES)), - -- Claim to support every EC point format - ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](sorted_keys(tls.EC_POINT_FORMATS)), + -- Claim to support common elliptic curves + ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES), -- Enable SNI if a server name is available ["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname), } diff --git a/scripts/ssl-heartbleed.nse b/scripts/ssl-heartbleed.nse index 94eaeda84..1f1206102 100644 --- a/scripts/ssl-heartbleed.nse +++ b/scripts/ssl-heartbleed.nse @@ -76,10 +76,8 @@ local function testversion(host, port, version) ["ciphers"] = stdnse.keys(tls.CIPHERS), ["compressors"] = {"NULL"}, ["extensions"] = { - -- Claim to support every elliptic curve - ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](stdnse.keys(tls.ELLIPTIC_CURVES)), - -- Claim to support every EC point format - ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](stdnse.keys(tls.EC_POINT_FORMATS)), + -- Claim to support common elliptic curves + ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES), ["heartbeat"] = "\x01", -- peer_not_allowed_to_send }, }) diff --git a/scripts/ssl-poodle.nse b/scripts/ssl-poodle.nse index 297c3eeb9..3cad8c9a2 100644 --- a/scripts/ssl-poodle.nse +++ b/scripts/ssl-poodle.nse @@ -177,10 +177,8 @@ end local function base_extensions(host) local tlsname = tls.servername(host) return { - -- Claim to support every elliptic curve - ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](sorted_keys(tls.ELLIPTIC_CURVES)), - -- Claim to support every EC point format - ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](sorted_keys(tls.EC_POINT_FORMATS)), + -- Claim to support common elliptic curves + ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES), -- Enable SNI if a server name is available ["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname), } diff --git a/scripts/tls-ticketbleed.nse b/scripts/tls-ticketbleed.nse index 03948d69d..bbb5f0225 100644 --- a/scripts/tls-ticketbleed.nse +++ b/scripts/tls-ticketbleed.nse @@ -218,10 +218,8 @@ local function is_vuln(host, port, version) ["ciphers"] = stdnse.keys(tls.CIPHERS), ["compressors"] = {"NULL"}, ["extensions"] = { - -- Claim to support every elliptic curve - ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](stdnse.keys(tls.ELLIPTIC_CURVES)), - -- Claim to support every EC point format - ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](stdnse.keys(tls.EC_POINT_FORMATS)), + -- Claim to support common elliptic curves + ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES), ["SessionTicket TLS"] = ticket, }, })