mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Offer more ciphers by default in NSE TLS

dmiller
2025-06-02 14:31:42 +00:00
parent d6b53b1915
commit 4add49408c


@@ -854,6 +854,18 @@ DEFAULT_TLS12_CIPHERS = {
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", -- mandatory TLSv1.0 "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", -- mandatory TLSv1.0
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA", -- DHE with strong AES "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", -- DHE with strong AES
"TLS_RSA_WITH_RC4_128_MD5", -- Weak and old, but likely supported on old stuff "TLS_RSA_WITH_RC4_128_MD5", -- Weak and old, but likely supported on old stuff
-- The following are sent by Chrome 136:
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA",
} }
-- Same, but for TLSv1.3 -- Same, but for TLSv1.3
DEFAULT_TLS13_CIPHERS = { DEFAULT_TLS13_CIPHERS = {
@@ -879,49 +891,43 @@ local cipher_info_cache = {
-- pre-populate the special cases that break the parser below -- pre-populate the special cases that break the parser below
["TLS_ECDH_anon_NULL_WITH_SHA-draft"] = { ["TLS_ECDH_anon_NULL_WITH_SHA-draft"] = {
kex = "ECDH", dh = true, ec = true, kex = "ECDH", dh = true, ec = true,
server_auth = "anon", anon = true,
cipher = "NULL", cipher = "NULL",
hash = "SHA", hash = "SHA",
draft = true draft = true
}, },
["TLS_ECMQV_ECDSA_NULL_SHA-draft"] = { ["TLS_ECMQV_ECDSA_NULL_SHA-draft"] = {
kex = "ECMQV", ec = true, kex = "ECMQV", ec = true,
server_auth = "ECDSA",
cipher = "NULL", cipher = "NULL",
hash = "SHA", hash = "SHA",
draft = true draft = true
}, },
["TLS_ECMQV_ECNRA_NULL_SHA-draft"] = { ["TLS_ECMQV_ECNRA_NULL_SHA-draft"] = {
kex = "ECMQV", ec = true, kex = "ECMQV", ec = true,
server_auth = "ECNRA",
cipher = "NULL", cipher = "NULL",
hash = "SHA", hash = "SHA",
draft = true draft = true
}, },
["TLS_GOSTR341094_WITH_28147_CNT_IMIT-draft"] = { ["TLS_GOSTR341094_WITH_28147_CNT_IMIT-draft"] = {
kex = "GOSTR341094", kex = "GOSTR341094",
server_auth = "GOSTR341094",
cipher = "GOST28147", cipher = "GOST28147",
hash = "IMIT_GOST28147", hash = "IMIT_GOST28147",
draft = true draft = true
}, },
["TLS_GOSTR341001_WITH_28147_CNT_IMIT-draft"] = { ["TLS_GOSTR341001_WITH_28147_CNT_IMIT-draft"] = {
kex = "GOSTR341001", kex = "GOSTR341001",
server_auth = "GOSTR341001",
cipher = "GOST28147", cipher = "GOST28147",
hash = "IMIT_GOST28147", hash = "IMIT_GOST28147",
draft = true draft = true
}, },
["TLS_GOSTR341094_WITH_NULL_GOSTR3411-draft"] = { ["TLS_GOSTR341094_WITH_NULL_GOSTR3411-draft"] = {
kex = "GOSTR341094", kex = "GOSTR341094",
server_auth = "GOSTR341094",
cipher = "NULL", cipher = "NULL",
hash = "HMAC_GOSTR3411", hash = "HMAC_GOSTR3411",
draft = true draft = true
}, },
["TLS_GOSTR341001_WITH_NULL_GOSTR3411-draft"] = { ["TLS_GOSTR341001_WITH_NULL_GOSTR3411-draft"] = {
kex = "GOSTR341001", kex = "GOSTR341001",
server_auth = "GOSTR341001",
cipher = "NULL", cipher = "NULL",
hash = "HMAC_GOSTR3411", hash = "HMAC_GOSTR3411",
draft = true draft = true
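Review bot: In the `cipher_info_cache` hunk, six of the seven pre-populated entries lose `server_auth` with nothing put in its place; only `TLS_ECDH_anon_NULL_WITH_SHA-draft` gets a substitute, `anon = true`. The code that reads these entries is outside the visible lines, so this is inferred, but any caller that still looks up `server_auth` would now get nil for the ECMQV and GOST draft suites. The commit title covers only the cipher list, so either keep the field on those entries or record the new contract in a comment above the table, for example `-- server_auth is no longer stored here; anonymous suites set anon = true`. The table begins before and continues past this hunk. Separately, the head of `DEFAULT_TLS12_CIPHERS` is also outside its hunk, so it is worth confirming that none of the twelve added suite names repeats an entry already listed there.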