Mailing List Archive

ssl_ciphers
Hi,
I've slightly modified the plugin ssl_ciphers to make it show
which are the weak and medium strength ciphers one should remove.
Is it right to send you this kind of patch?


--
Ciao
Marco Innocenti
Re: ssl_ciphers
So you made it, in the end!
What was the snag?

Marco Innocenti wrote:

> Hi,
> I've slightly modified the plugin ssl_ciphers to make it show
> which are the weak and medium strength ciphers one should remove.
> Is it right to send you this kind of patch?
>
>
>
>
> ------------------------------------------------------------------------
>
> --- ssl_ciphers.c.old 2002-07-03 17:21:32.000000000 +0200
> +++ ssl_ciphers.c 2002-09-11 20:44:33.000000000 +0200
> @@ -66,7 +66,7 @@
> #else
> char *p, *q, *trp_name, *trp0_name;
> int port, trp, trp0, cnx = -1, i, bits;
> - char *name, buf[2048], *pbuf, rep[512], *prep;
> + char *name, buf[2048], sslweak[2048], sslmedium[2048], *pbuf, rep[512], *prep;
> SSL_CIPHER *c = NULL;
> SSL *ssl = NULL;
> int weak = 0, medium = 0, strong = 0, null =0, nCiphers = 0;
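Review bot: sslweak and sslmedium are added to this declaration list without an initializer, and nothing else in the patch sets them before the next hunk calls strlen() and strcat() on them. As locals their contents are indeterminate, so the first strlen(sslweak) can run past the end of the array and the report can end up carrying stack garbage. Initialize both at the declaration, for example `sslweak[2048] = ""`, or set `sslweak[0] = '\0'` and `sslmedium[0] = '\0'` before the cipher loop.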
> @@ -160,11 +160,32 @@
> * So we have to check if the algorithm is "export grade"
> */
> if (strncmp(q, "EXP", 3) == 0)
> - weak ++;
> + {
> + weak ++;
> + if ( (strlen(q) + strlen(sslweak))<2045 )
> + {
> + strcat(sslweak,q);
> + strcat(sslweak,"\n");
> + }
> + }
> else if (bits < 56) /* arbitrary limit 1. You may disagree */
> - weak ++;
> + {
> + weak ++;
> + if ( (strlen(q) + strlen(sslweak))<2045 )
> + {
> + strcat(sslweak,q);
> + strcat(sslweak,"\n");
> + }
> + }
> else if (bits < 90) /* arbitrary limit 2. Same remark */
> - medium ++;
> + {
> + medium ++;
> + if ( (strlen(q) + strlen(sslmedium))<2045 )
> + {
> + strcat(sslmedium,q);
> + strcat(sslmedium,"\n");
> + }
> + }
> else
> strong ++;
>
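Review bot: the bound in the three new `if ( (strlen(q) + strlen(...))<2045 )` checks repeats the array size as a magic number; derive it from sizeof(sslweak) and sizeof(sslmedium) so the check cannot drift from the declaration. The same append block is pasted into all three branches; a small helper taking the destination buffer, its size and q would remove the duplication, and the EXP and bits < 56 branches could then share one body. When the buffer is full the cipher is still counted but silently left off the list, so the report can name fewer ciphers than the weak/medium totals it prints; consider marking the list as truncated in that case.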
> @@ -221,10 +242,12 @@
> The weak/medium ciphers may be chosen by an export-grade\n\
> or badly configured client software. They only offer a \n\
> limited protection against a brute force attack\n\
> +The weak ciphers found were:\n%s\
> +The medium strength ciphers found were:\n%s\
> \n\
> Solution: disable those ciphers and upgrade your client\n\
> software if necessary",
> - trp_name, strong, medium, weak);
> + trp_name, strong, medium, weak, sslweak, sslmedium);
> post_info(env, port, rep);
> }
> }
>
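Review bot: the two new %s arguments can each expand to roughly 2 KB of cipher names, but rep is still declared as rep[512] in the first hunk. The formatting call itself is outside the visible context: if it is unbounded, a server offering many weak or medium ciphers overflows rep, and if it is bounded the added lists are cut off. Size rep to hold the fixed text plus both lists (or allocate the report dynamically) and make sure the call that fills it is length-checked.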


--
-------------------------------------------------------------------------
Angelo Neri e-mail: a.neri@cineca.it
CINECA (Inter University Computing Center)
via Magnanelli 6/3 Tel : +39 0516171491
40033 Casalecchio di Reno +39 0516171411
BOLOGNA
ITALY
-------------------------------------------------------------------------