ssl-enum-ciphers was producing output against non-ssl services, listing
"least strength: strong" when there was no cipher matched. Fixed to
return nil in this case, and to clearly indicate when a protocol is
supported but does not support any of our ciphers (a very unlikely
situation! Had to artificially reduce attempted ciphers to test.)
Send large groups of ciphers and eliminate chosen ones until the server
gives up. This results in far fewer exchanges than trying every cipher
individually.
Also fixed a bug introduced in r26521 where failing to send NULL
compressor results in a rejected handshake, and updated the list of
ciphers from 213 to 359.
http://seclists.org/nmap-dev/2012/q3/156
slower one-at-a-time enumeration method that has proved to be more
robust. Other changes:
- Fixes the "malformed packet" bug.
- Treats RSTs as rejections, not fatal errors.
- Adds some obsolete ciphers that were requested.
- SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
- SSL_RSA_FIPS_WITH_DES_CBC_SHA
- Adds some other cipher definitions.
- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA
- TLS_DHE_DSS_WITH_RC4_128_SHA
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
- TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
- TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
