Let ssl-enum-ciphers run on any port when selected by name (#168)

CHANGELOG

@@ -1,5 +1,9 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Allow ssl-enum-ciphers to run on non-typical ports when it is selected
+  by name. It will now send a service detection probe if the port is not a
+  typical SSL port and version scan (-sV) was not used. [Daniel Miller]
+
 o Fix Ncat listen mode on Solaris and other platforms where struct sockaddr
   does not have a sa_len member. This also affected use of the -p and -s
   options. Brandon Haberfeld reported the crash. [Daniel Miller]

scripts/ssl-enum-ciphers.nse

@@ -830,6 +830,8 @@ end
 
 portrule = function (host, port)
   return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)
+  -- selected by name
+  or nmap.version_intensity() == 9
 end
 
 --- Return a table that yields elements sorted by key when iterated over with pairs()
@@ -852,8 +854,26 @@ function sorted_by_key(t)
   return out
 end
 
+local comm = require "comm"
 action = function(host, port)
 
+  -- If we're selected by name, we might have to check whether it's even an SSL port
+  if not (shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)) then
+    stdnse.verbose1("Sending confirmation probe")
+    -- SSLSessionReq probe from nmap-service-probes
+    local status, resp = comm.exchange(host, port,
+      "\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\z
+      \x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\z
+      \0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\z
+      \x08\0\x06\0\x03\x01\0")
+    if not status or not resp or not (
+        resp:match("^\x16\x03[\0-\x03]..\x02...\x03[\0-\x03]") or
+        resp:match("^\x15\x03[\0-\x03]\0\x02\x02[F\x28]")
+        ) then
+      return nil
+    end
+  end
+
   local results = {}
 
   local condvar = nmap.condvar(results)