From d122b91891d30fbde480f1a4f98ef68c1ebf6ee2 Mon Sep 17 00:00:00 2001 From: david Date: Sat, 25 Apr 2009 03:24:00 +0000 Subject: [PATCH] Merge from /nmap-exp/david/nmap-ssl, /nmap-exp/david/ncat-ssl, and /nmap-exp/david/nsock-ssl. This brings in secure SSL connections for Ncat. See http://seclists.org/nmap-dev/2009/q2/0183.html. --- CHANGELOG | 7 +++++++ nse_nsock.cc | 4 ++++ service_scan.cc | 5 +++++ 3 files changed, 16 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 95bc40041..38130a6fa 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,12 @@ # Nmap Changelog ($Id$); -*-text-*- +o [Ncat] In SSL mode, Ncat now always uses secure connections, meaning + that it uses only good ciphers and doesn't use SSLv2. Certificates + can optionally be verified with the --ssl-verify and --ssl-trustfile + options. Nsock provides the option of making SSL connections that + prioritize either speed or security; Ncat uses security while + version detection and NSE continue to use speed. [David] + o [Ncat] Made calling of checked allocation functions more uniform and removed some unnecessary code. [Fotis Hantzis] diff --git a/nse_nsock.cc b/nse_nsock.cc index d3ec1d033..929b861c2 100644 --- a/nse_nsock.cc +++ b/nse_nsock.cc @@ -395,6 +395,10 @@ int luaopen_nsock (lua_State *L) nsp = nsp_new(NULL); if (o.scriptTrace()) nsp_settrace(nsp, NSOCK_TRACE_LEVEL, o.getStartTime()); +#if HAVE_OPENSSL + /* Value speed over security in SSL connections. */ + nsp_ssl_init_max_speed(nsp); +#endif return 0; } diff --git a/service_scan.cc b/service_scan.cc index fbf14dda7..70c4d6a19 100644 --- a/service_scan.cc +++ b/service_scan.cc @@ -2425,6 +2425,11 @@ int service_scan(vector &Targets) { nsp_settrace(nsp, NSOCK_TRACE_LEVEL, o.getStartTime()); } +#if HAVE_OPENSSL + /* We don't care about connection security in version detection. */ + nsp_ssl_init_max_speed(nsp); +#endif + launchSomeServiceProbes(nsp, SG); // How long do we have before timing out?