From aadd8d864c9bbc823739a48d7fd4c2f281887e33 Mon Sep 17 00:00:00 2001 From: dmiller Date: Tue, 12 Aug 2014 02:38:13 +0000 Subject: [PATCH] Documentation for the cipher ordering feature --- scripts/ssl-enum-ciphers.nse | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index f6c734d8a..52c2b9b06 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -29,6 +29,12 @@ methods a server supports than SSLv2. A client lists the ciphers and compressors that it is capable of supporting, and the server will respond with a single cipher and compressor chosen, or a rejection notice. +Some servers use the client's ciphersuite ordering: they choose the first of +the client's offered suites that they also support. Other servers prefer their +own ordering: they choose their most preferred suite from among those the +client offers. In the case of server ordering, the script makes extra probes to +discover the server's sorted preference list. + This script is intrusive since it must initiate many connections to a server, and therefore is quite noisy. ]]
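Review bot: The added paragraph says that under server ordering "the script makes extra probes", but it does not tell the reader how the detected ordering (client or server) shows up in the script's output, and it does not connect those probes to the warning in the next paragraph that the script "must initiate many connections to a server". Suggest one more sentence stating how the ordering is reported, and a clause noting that the extra probes add to the connection count, so that someone deciding whether to run this against a monitored host can judge the noise. A smaller style point: the new lines use "ciphersuite" and "suites" while the unchanged context above says "ciphers and compressors"; pick one term for the whole description.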