PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity

Correct conversion of DH key size to RSA bit strength equivalent

Browse Source
This commit is contained in:
dmiller
2014-11-07 21:41:38 +00:00
parent 8101fa65e0
commit 8f414cfc3a
2 changed files with 15 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
scripts/ssl-enum-ciphers.nse
View File

@@ -518,11 +518,12 @@ local function find_ciphers_group(host, port, protocol, group, scores)
if kex.server_key_exchange and ske then
local kex_info = kex.server_key_exchange(ske.data)
if kex_info.strength then
if kex_strength and kex_strength > kex_info.strength then
kex_strength = kex_info.strength
local rsa_bits = tls.rsa_equiv(kex.type, kex_info.strength)
if kex_strength and kex_strength > rsa_bits then
kex_strength = rsa_bits
scores.warnings["Key exchange parameters of lower strength than certificate key"] = true
end
kex_strength = kex_strength or kex_info.strength
kex_strength = kex_strength or rsa_bits
extra = string.format("%s %d", kex.type, kex_info.strength)
end
end