From 91dade9325008fa453e6dad7af7b238135ab6d4f Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 24 Feb 2017 16:28:33 +0000
Subject: [PATCH] Ignore protocol mismatch in some more cases.

---
 scripts/ssl-enum-ciphers.nse | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index 70aa48f77..da3570bda 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -630,7 +630,12 @@ local function find_ciphers_group(host, port, protocol, group, scores)
       end
       if server_hello.protocol ~= protocol then
         ctx_log(1, protocol, "Protocol rejected. cipher: %s", server_hello.cipher)
-        protocol_worked = protocol_worked or nil
+        -- Some implementations will do this if a cipher is supported in some
+        -- other protocol version but not this one. Gotta keep trying.
+        if not remove(group, server_hello.cipher) then
+          -- But if we didn't even offer this cipher, then give up. Crazy!
+          protocol_worked = protocol_worked or nil
+        end
         break
       else
         protocol_worked = true