Extend ssl-heartbleed to use every TLS cipher, prevent false negatives

2026-01-04 13:49:03 +00:00 · 2014-04-14 19:42:59 +00:00
parent 1d4fdaf2b3
commit a343ea24cd
1 changed files with 3 additions and 53 deletions
--- a/scripts/ssl-heartbleed.nse
+++ b/scripts/ssl-heartbleed.nse
@@ -80,59 +80,9 @@ local function testversion(host, port, version)

  local hello = tls.client_hello({
      ["protocol"] = version,
-      ["ciphers"] = {
-        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
-        "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
-        "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
-        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
-        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
-        "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
-        "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
-        "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
-        "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
-        "TLS_RSA_WITH_AES_256_CBC_SHA",
-        "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
-        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
-        "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
-        "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
-        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
-        "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
-        "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
-        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
-        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
-        "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
-        "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
-        "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
-        "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
-        "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
-        "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
-        "TLS_RSA_WITH_AES_128_CBC_SHA",
-        "TLS_RSA_WITH_SEED_CBC_SHA",
-        "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
-        "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
-        "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
-        "TLS_ECDH_RSA_WITH_RC4_128_SHA",
-        "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
-        "TLS_RSA_WITH_RC4_128_SHA",
-        "TLS_RSA_WITH_RC4_128_MD5",
-        "TLS_DHE_RSA_WITH_DES_CBC_SHA",
-        "TLS_DHE_DSS_WITH_DES_CBC_SHA",
-        "TLS_RSA_WITH_DES_CBC_SHA",
-        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
-        "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
-        "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
-        "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
-        "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
-        "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
-      },
+      -- Claim to support every cipher
+      -- Doesn't work with IIS, but IIS isn't vulnerable
+      ["ciphers"] = keys(tls.CIPHERS),
      ["compressors"] = {"NULL"},
      ["extensions"] = {
        -- Claim to support every elliptic curve