From 917842059b30dabdadc7de6cf290d35d1cd0fc0a Mon Sep 17 00:00:00 2001
From: dmiller
Date: Thu, 16 Oct 2014 04:07:07 +0000
Subject: [PATCH] Check TLS body protocol for compatibility in ssl-enum-ciphers

Haven't seen this, and it shouldn't happen, but it's possible for a server to send the same protocol version in the record, but a different one in the body. This wouldn't be valid, so we should reject it.
---
 scripts/ssl-enum-ciphers.nse | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index d48ee92d1..e8b8592a2 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -372,6 +372,10 @@ local function find_ciphers_group(host, port, protocol, group)
 elseif record["type"] ~= "handshake" or record["body"][1]["type"] ~= "server_hello" then
 ctx_log(2, protocol, "Unexpected record received.")
 break
+ elseif record["body"][1]["protocol"] ~= protocol then
+ ctx_log(1, protocol, "Protocol rejected.")
+ protocol_worked = nil
+ break
 else
 protocol_worked = true
 name = record["body"][1]["cipher"]
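Review bot: The added `elseif record["body"][1]["protocol"] ~= protocol` branch logs only "Protocol rejected.", so debug output cannot tell a ServerHello whose body carries a different version from any other rejection. The message should name the version found in the body, for example `ctx_log(1, protocol, "Protocol rejected: ServerHello body version is " .. tostring(record["body"][1]["protocol"]))`, where `tostring` keeps the call safe if the field is nil. A short comment above the branch would record the intent: `-- body version differs from the one offered; do not credit this cipher to protocol`. Whether `nil` is the right value for `protocol_worked` depends on how the rest of `find_ciphers_group` reads it, and the function starts and ends outside this hunk.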