From f3ee54268382e7a34ddbfd83391d6f9e18d64786 Mon Sep 17 00:00:00 2001 From: nnposter Date: Thu, 11 Aug 2016 23:47:31 +0000 Subject: [PATCH] Changed weak cipher strength threshold from 128 to 112 bits in script ssl-enum-ciphers. Fixes #474 --- scripts/ssl-enum-ciphers.nse | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse index 424d5f25f..e01872f0d 100644 --- a/scripts/ssl-enum-ciphers.nse +++ b/scripts/ssl-enum-ciphers.nse @@ -56,9 +56,9 @@ and therefore is quite noisy. -- | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A -- | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A -- | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A --- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C --- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C --- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C +-- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - A +-- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - A +-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - A -- | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C -- | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C -- | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C @@ -78,9 +78,9 @@ and therefore is quite noisy. -- | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A -- | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A -- | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A --- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C --- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C --- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C +-- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - A +-- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - A +-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - A -- | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C -- | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C -- | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C @@ -106,9 +106,9 @@ and therefore is quite noisy. -- | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A -- | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A -- | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A --- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C --- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C --- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C +-- | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - A +-- | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - A +-- | TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - A -- | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (secp256r1) - C -- | TLS_ECDHE_RSA_WITH_RC4_128_SHA (secp256r1) - C -- | TLS_RSA_WITH_RC4_128_SHA (rsa 2048) - C @@ -157,17 +157,17 @@ and therefore is quite noisy. -- -- secp256r1 -- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA --- C +-- A --
-- -- secp256r1 -- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA --- C +-- A --
-- -- rsa 2048 -- TLS_RSA_WITH_3DES_EDE_CBC_SHA --- C +-- A --
-- -- secp256r1 @@ -267,17 +267,17 @@ and therefore is quite noisy. --
-- secp256r1 -- TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA --- C +-- A --
-- -- secp256r1 -- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA --- C +-- A --
-- -- rsa 2048 -- TLS_RSA_WITH_3DES_EDE_CBC_SHA --- C +-- A --
-- -- secp256r1 @@ -571,7 +571,7 @@ local function score_cipher (kex_strength, cipher_info) if cipher_info.size == 0 then return 0 - elseif cipher_info.size < 128 then + elseif cipher_info.size < 112 then cipher_score = 0.2 elseif cipher_info.size < 256 then cipher_score = 0.8