From 453f655f89d193a40fa8132cfa18974a57a3cbb2 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 22 Jul 2014 22:20:34 +0000
Subject: [PATCH] Add mandatory cipher suite to appropriate scripts

The TLS standard (TLS 1.2, but also probably the others) states:

> In the absence of an application profile standard specifying
> otherwise, a TLS-compliant application MUST implement the cipher
> suite TLS_RSA_WITH_AES_128_CBC_SHA

This was causing some problems with some implementations (See
http://seclists.org/nmap-dev/2014/q3/119)
---
 scripts/ssl-date.nse         | 1 +
 scripts/tls-nextprotoneg.nse | 1 +
 2 files changed, 2 insertions(+)

diff --git a/scripts/ssl-date.nse b/scripts/ssl-date.nse
index eb04f1ee3..32887bc53 100644
--- a/scripts/ssl-date.nse
+++ b/scripts/ssl-date.nse
@@ -57,6 +57,7 @@ local client_hello = function(host, port)
   cli_h = tls.client_hello({
     ["protocol"] = "TLSv1.0",
     ["ciphers"] = {
+      "TLS_RSA_WITH_AES_128_CBC_SHA",
       "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
       "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
       "TLS_RSA_WITH_RC4_128_MD5",
diff --git a/scripts/tls-nextprotoneg.nse b/scripts/tls-nextprotoneg.nse
index a9dea5145..140df05f6 100644
--- a/scripts/tls-nextprotoneg.nse
+++ b/scripts/tls-nextprotoneg.nse
@@ -55,6 +55,7 @@ local client_hello = function(host, port)
   cli_h = tls.client_hello({
     ["protocol"] = "TLSv1.0",
     ["ciphers"] = {
+      "TLS_RSA_WITH_AES_128_CBC_SHA",
       "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
       "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
       "TLS_RSA_WITH_RC4_128_MD5",