From f97c8db5e8571f0cf91328503f0ea4103d1c0420 Mon Sep 17 00:00:00 2001
From: dmiller
Date: Fri, 14 Sep 2012 21:06:46 +0000
Subject: [PATCH] Correct output for ssl-enum-ciphers against non-ssl
ssl-enum-ciphers was producing output against non-ssl services, listing "least strength: strong" when there was no cipher matched. Fixed to return nil in this case, and to clearly indicate when a protocol is supported but does not support any of our ciphers (a very unlikely situation! Had to artificially reduce attempted ciphers to test.)
---
 scripts/ssl-enum-ciphers.nse | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index 03ce21d35..daf2fcb34 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -589,7 +589,7 @@ cipherstrength = {
 }
 local rankedciphers={}
-local mincipherstrength=3
+local mincipherstrength=9999 --artificial "highest value"
 local rankedciphersfilename=false
 local policy=true
@@ -892,8 +892,9 @@ local function find_ciphers(host, port, protocol)
 table.insert(results, name)
 end
 end
- if protocol_worked == nil then break end
+ if protocol_worked == nil then return nil end
 end
+ if not protocol_worked then return nil end
 return results
 end
@@ -959,10 +960,20 @@ local function try_protocol(host, port, protocol, upresults)
 -- Find all valid ciphers.
 ciphers = find_ciphers(host, port, protocol)
- if #ciphers == 0 then
+ if ciphers == nil then
+ condvar "signal"
+ return nil
+ end
+
+ if #ciphers == 0 then
+ results = {ciphers={},compressors={}}
+ setmetatable(results,{
+ __tostring=function(t) return "No supported ciphers found" end
+ })
+ upresults[protocol] = results
 condvar "signal"
 return nil
- end
+ end
 -- Find all valid compression methods.
 compressors = find_compressors(host, port, protocol, ciphers[1])
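Review bot: The new sentinel on `mincipherstrength` is a magic number that is only safe while every strength value stays below 9999, including any values loaded through `rankedciphersfilename`, whose parsing is outside the hunk. `math.huge` expresses the same intent without that assumption: `local mincipherstrength=math.huge -- sentinel: no cipher ranked yet`. The comment should also record why the old default was wrong, since per the commit message it made a port with no matched cipher report "least strength: strong", which is a false assurance in scan output.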
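Review bot: find_ciphers now has three distinct outcomes (nil, an empty table, a list of names) and nothing in the hunk documents that contract, although try_protocol depends on telling them apart. A comment at the definition, which lies above the hunk, would cover it, for example `-- Returns nil if the protocol never produced a usable handshake, {} if it did but none of our ciphers was accepted`. The in-loop test is `protocol_worked == nil` while the post-loop test is `not protocol_worked`, so a `false` value is tolerated inside the loop and rejected only afterwards; if that is deliberate it deserves a one-line why-comment. It is also worth confirming that `results` cannot already hold entries when the in-loop `return nil` fires, since the former `break` kept them and a dropped cipher list would hide findings from the report.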
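Review bot: In the new `#ciphers == 0` branch, `results` is assigned with no `local` visible in the hunk; try_protocol starts and ends outside it, so unless the variable is declared above, this writes a global shared by the per-protocol worker threads. If it is not already declared, write `local results = {ciphers={},compressors={}}`. The branch would also benefit from a comment such as `-- handshake succeeded but no offered cipher was accepted; __tostring makes the formatter print the message`, because `ciphers == nil` and `#ciphers == 0` now mean different things. The `t` parameter of the `__tostring` function is unused and could be `_`.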
@@ -1089,6 +1100,10 @@ action = function(host, port) end until next(threads) == nil + if #( keys(results) ) == 0 then + return nil + end + if rankedciphersfilename then for k, v in pairs(cipherstrength) do if v == mincipherstrength then
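Review bot: The emptiness test `#( keys(results) ) == 0` builds a whole key list only to count it; `if next(results) == nil then` performs the check directly and matches the `until next(threads) == nil` just above it. `keys` is defined outside the hunk, so this assumes it simply collects the table's keys. A short comment such as `-- no protocol completed a handshake: not an SSL/TLS service, report nothing` would explain why the script goes silent here instead of printing a strength line. The action function continues past the end of the hunk.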