From c85bb0b54fdf0784cee3d7e0cc44b08ef18780cd Mon Sep 17 00:00:00 2001
From: dmiller
Date: Mon, 10 Nov 2014 16:16:29 +0000
Subject: [PATCH] Correct logic on checking for SHA1 certificate in ssl-enum-ciphers
---
 scripts/ssl-enum-ciphers.nse | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index 45e1c6727..cff3f6647 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -518,9 +518,11 @@ local function find_ciphers_group(host, port, protocol, group, scores)
 scores.warnings["Insecure certificate signature: " .. string.upper(sigalg)] = true
 else
 sigalg = c.sig_algorithm:match("([sS][hH][aA]1)")
- -- TODO: Update this when SHA-1 is deprecated in 2016
- -- kex_strength = 0
- scores.warnings["Weak certificate signature: SHA1"] = true
+ if sigalg then
+ -- TODO: Update this when SHA-1 is deprecated in 2016
+ -- kex_strength = 0
+ scores.warnings["Weak certificate signature: SHA1"] = true
+ end
 kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits)
 extra = string.format("%s %d", kex.pubkey, c.pubkey.bits)
 end
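Review bot: The commented-out `kex_strength = 0` kept inside the new `if sigalg then` block would have no effect if it were enabled as the TODO suggests, because the context line right after `end` unconditionally reassigns `kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits)`. A SHA-1-signed certificate would then keep its RSA-equivalent strength score even after someone acts on the TODO. I would reword the comment to `-- TODO: once SHA-1 is deprecated, set kex_strength = 0 after the tls.rsa_equiv() assignment below, which would otherwise overwrite it`. Separately, `c.sig_algorithm:match(...)` assumes `sig_algorithm` is a string; whether it can be nil is not visible here, since find_ciphers_group starts and ends outside the hunk.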