PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-20 14:39:02 +00:00
Code Issues Projects Releases Wiki Activity

Don't consider protocol mismatch for alerts other than protocol_version to be a protocol rejection. http://serverfault.com/q/832207/112426

Browse Source
This commit is contained in:
dmiller
2017-02-24 15:47:48 +00:00
parent 3ac81b4804
commit 6f8ec39063
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
scripts/ssl-enum-ciphers.nse
View File

@@ -605,8 +605,11 @@ local function find_ciphers_group(host, port, protocol, group, scores)
if alert then if alert then
ctx_log(2, protocol, "Got alert: %s", alert.body[1].description) ctx_log(2, protocol, "Got alert: %s", alert.body[1].description)
if alert["protocol"] ~= protocol then if alert["protocol"] ~= protocol then
ctx_log(1, protocol, "Protocol rejected.") ctx_log(1, protocol, "Protocol mismatch (received %s)", alert.protocol)
-- Sometimes this is not an actual rejection of the protocol. Check specifically:
if get_body(alert, "description", "protocol_version") then
protocol_worked = nil protocol_worked = nil
end
break break
elseif get_body(alert, "description", "handshake_failure") then elseif get_body(alert, "description", "handshake_failure") then
protocol_worked = true protocol_worked = true