mirror of https://github.com/nmap/nmap.git synced 2025-12-26 17:39:03 +00:00

Clarify kex weakness warning with actual kex info

dmiller
2016-08-24 16:07:58 +00:00
parent fc948c437b
commit 9a21104bd6


@@ -722,9 +722,10 @@ local function find_ciphers_group(host, port, protocol, group, scores)
local kex_info = kex.server_key_exchange(ske.data)
if kex_info.strength then
local rsa_bits = tls.rsa_equiv(kex.type, kex_info.strength)
local low_strength_warning = false
if kex_strength and kex_strength > rsa_bits then
kex_strength = rsa_bits
scores.warnings["Key exchange parameters of lower strength than certificate key"] = true
low_strength_warning = true
end
kex_strength = kex_strength or rsa_bits
if kex_info.ecdhparams then
@@ -736,6 +737,11 @@ local function find_ciphers_group(host, port, protocol, group, scores)
else
extra = string.format("%s %d", kex.type, kex_info.strength)
end
if low_strength_warning then
scores.warnings[(
"Key exchange (%s) of lower strength than certificate key"
):format(extra)] = true
end
end
if kex_info.rsa and kex_info.rsa.exponent == 1 then
kex_strength = 0
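Review bot: The warning added at the end of the second hunk prints `extra`, but the decision to warn was made on `rsa_bits`, the RSA-equivalent value from `tls.rsa_equiv`, so the report never shows the number that was actually compared. In the visible `else` branch `extra` is the raw key-exchange type and size, which gives the reader no figure in the same units to set against the certificate key. Consider carrying the equivalent in the message, e.g. `("Key exchange (%s, RSA-equivalent %s bits) of lower strength than certificate key"):format(extra, rsa_bits)`. The `ecdhparams` branch that also assigns `extra` lies between the two hunks and is not visible here, so it is worth confirming it always yields a string before the value reaches `:format`. find_ciphers_group starts and ends outside both hunks.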