PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Warn if no ciphers support FS. See #1309

Browse Source
This commit is contained in:
dmiller
2018-08-27 15:02:48 +00:00
parent 069c76a1de
commit bc0935a51a
2 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
scripts/ssl-enum-ciphers.nse
View File

@@ -675,6 +675,7 @@ local function find_ciphers_group(host, port, protocol, group, scores)
scores.warnings["Broken cipher RC4 is deprecated by RFC 7465"] = true
end
local kex = tls.KEX_ALGORITHMS[info.kex]
scores.any_pfs_ciphers = kex.pfs or scores.any_pfs_ciphers
local extra, kex_strength
if kex.anon then
kex_strength = 0
@@ -815,6 +816,8 @@ local function find_ciphers(host, port, protocol)
end
end
if not next(results) then return nil end
scores.warnings["Forward Secrecy not supported by any cipher"] = (not scores.any_pfs_ciphers) or nil
scores.any_pfs_ciphers = nil
return results, scores
end