Check TLS body protocol for compatibility in ssl-enum-ciphers

Haven't seen this, and it shouldn't happen, but it's possible for a server to send the same protocol version in the record, but a different one in the body. This wouldn't be valid, so we should reject it.
2025-12-07 13:11:28 +00:00 · 2014-10-16 04:07:07 +00:00
parent 9e199c0213
commit 917842059b
1 changed files with 4 additions and 0 deletions
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -372,6 +372,10 @@ local function find_ciphers_group(host, port, protocol, group)
    elseif record["type"] ~= "handshake" or record["body"][1]["type"] ~= "server_hello" then
      ctx_log(2, protocol, "Unexpected record received.")
      break
+    elseif record["body"][1]["protocol"] ~= protocol then
+      ctx_log(1, protocol, "Protocol rejected.")
+      protocol_worked = nil
+      break
    else
      protocol_worked = true
      name = record["body"][1]["cipher"]