mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Warn if no ciphers support FS. See #1309

dmiller
2018-08-27 15:02:48 +00:00
parent 069c76a1de
commit bc0935a51a
2 changed files with 11 additions and 0 deletions


@@ -897,6 +897,7 @@ KEX_ALGORITHMS.RSA_EXPORT1024 = KEX_ALGORITHMS.RSA_EXPORT
KEX_ALGORITHMS.DHE_RSA={
pubkey="rsa",
type = "dh",
pfs = true,
server_key_exchange = function (blob, protocol)
local pos
local ret = {}
@@ -909,17 +910,20 @@ KEX_ALGORITHMS.DHE_RSA_EXPORT={
export=true,
pubkey="rsa",
type = "dh",
pfs = true,
server_key_exchange = KEX_ALGORITHMS.DHE_RSA.server_key_exchange
}
KEX_ALGORITHMS.DHE_DSS={
pubkey="dsa",
type = "dh",
pfs = true,
server_key_exchange = KEX_ALGORITHMS.DHE_RSA.server_key_exchange
}
KEX_ALGORITHMS.DHE_DSS_EXPORT={
export=true,
pubkey="dsa",
type = "dh",
pfs = true,
server_key_exchange = KEX_ALGORITHMS.DHE_RSA.server_key_exchange
}
KEX_ALGORITHMS.DHE_DSS_EXPORT1024 = KEX_ALGORITHMS.DHE_DSS_EXPORT1024
@@ -942,6 +946,7 @@ KEX_ALGORITHMS.DH_RSA_EXPORT={
KEX_ALGORITHMS.ECDHE_RSA={
pubkey="rsa",
type = "ec",
pfs = true,
server_key_exchange = function (blob, protocol)
local pos
local ret = {}
@@ -953,6 +958,7 @@ KEX_ALGORITHMS.ECDHE_RSA={
KEX_ALGORITHMS.ECDHE_ECDSA={
pubkey="ec",
type = "ec",
pfs = true,
server_key_exchange = KEX_ALGORITHMS.ECDHE_RSA.server_key_exchange
}
KEX_ALGORITHMS.ECDH_ECDSA={
@@ -995,6 +1001,7 @@ KEX_ALGORITHMS.RSA_PSK = {
}
KEX_ALGORITHMS.DHE_PSK = {
type = "dh",
pfs = true,
server_key_exchange = function (blob, protocol)
local pos
local ret = {}
@@ -1009,6 +1016,7 @@ KEX_ALGORITHMS.PSK_DHE = KEX_ALGORITHMS.DHE_PSK
--rfc5489
KEX_ALGORITHMS.ECDHE_PSK={
type = "ec",
pfs = true,
server_key_exchange = function (blob, protocol)
local pos
local ret = {}
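Review bot: The context line `KEX_ALGORITHMS.DHE_DSS_EXPORT1024 = KEX_ALGORITHMS.DHE_DSS_EXPORT1024` assigns the field to itself, so unless that name is defined earlier in the file it stays nil and the `pfs = true` added to DHE_DSS_EXPORT in the same hunk never reaches it. The alias visible in the first hunk header (`KEX_ALGORITHMS.RSA_EXPORT1024 = KEX_ALGORITHMS.RSA_EXPORT`) suggests the intended line is `KEX_ALGORITHMS.DHE_DSS_EXPORT1024 = KEX_ALGORITHMS.DHE_DSS_EXPORT`. The new `pfs` field is also undocumented; a comment where it is first set on DHE_RSA, such as `-- pfs: key exchange uses ephemeral keys, so the suite offers forward secrecy`, would tell whoever adds the next entry when to set it. The table constructors for DHE_RSA, ECDHE_RSA, DHE_PSK and ECDHE_PSK continue outside their hunks.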


@@ -675,6 +675,7 @@ local function find_ciphers_group(host, port, protocol, group, scores)
scores.warnings["Broken cipher RC4 is deprecated by RFC 7465"] = true
end
local kex = tls.KEX_ALGORITHMS[info.kex]
scores.any_pfs_ciphers = kex.pfs or scores.any_pfs_ciphers
local extra, kex_strength
if kex.anon then
kex_strength = 0
@@ -815,6 +816,8 @@ local function find_ciphers(host, port, protocol)
end
end
if not next(results) then return nil end
scores.warnings["Forward Secrecy not supported by any cipher"] = (not scores.any_pfs_ciphers) or nil
scores.any_pfs_ciphers = nil
return results, scores
end
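Review bot: The added line `scores.any_pfs_ciphers = kex.pfs or scores.any_pfs_ciphers` in find_ciphers_group counts every key exchange flagged `pfs`, including the entries that also carry `export=true` (DHE_RSA_EXPORT, DHE_DSS_EXPORT). A server whose only ephemeral suites are export-grade would therefore not get the "Forward Secrecy not supported by any cipher" warning. If the warning is meant to reflect forward secrecy a client can actually rely on, consider `scores.any_pfs_ciphers = (kex.pfs and not kex.export) or scores.any_pfs_ciphers`. The flag is also parked in `scores` and cleared just before the return in find_ciphers, which deserves a comment like `-- any_pfs_ciphers is scratch state; drop it before handing scores to the caller`. Both functions extend outside the visible hunks, so any nil check on `kex` may exist there unseen.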