The TLS standard (TLS 1.2, but also probably the others) states:
> In the absence of an application profile standard specifying
> otherwise, a TLS-compliant application MUST implement the cipher
> suite TLS_RSA_WITH_AES_128_CBC_SHA
This was causing some problems with some implementations (See
http://seclists.org/nmap-dev/2014/q3/119)
for lib in nselib/*.lua*; do l=${lib#*/}; l=${l%.lua*}; find . -name \
\*.lua -o -name \*.nse | xargs grep -l "require .$l\>" | xargs grep \
-c "\<$l\." | grep ':0$' | awk -F: '{print "'$l'", $1}'; done
Did not remove calls to stdnse.silent_require since these can be used to
abort script execution if OpenSSL is not included, even if the script
does not directly call openssl.* (perhaps it uses comm.tryssl instead,
for instance).
Also did not remove require "strict", since that library is special and
modifies the environment.
From this thread: http://seclists.org/nmap-dev/2014/q1/105
* Extensions now better supported in tls.lua
* ssl-enum-ciphers sends all EC options to ensure servers reply with
supported EC suites
* tls.lua supports multiple messages of a single type within 1 record
* tls.record_buffer will read an entire TLS record into a buffer
* ssl-date and tls-nextprotoneg updated to use tls.record_buffer
