I was looking at the output of ssl_supported_ciphers.nasl and noticed
a couple of things... unless I'm not understanding something in the
plugin, which is possible.

First, the "Export Ciphers" category is pretty useless now (I think),
and only adds confusion to the output (I understand it's still
documented and technically exists, but it really has no meaning). I'd
recommend dropping it from the output.

Second, I think the cipher bit length checking in the code did not
match what was displayed in the output. For example, the output said
the category is:

    Medium Strength Ciphers (128-bit key)

but the code said:

    else if (nbits < 112) cat = MEDIUM_STRENGTH;

Patch below, if the changes are sane.
-Sullo
--
http://www.cirt.net/ | http://www.osvdb.org/
$ diff ssl_supported_ciphers.nasl new_ssl_supported_ciphers.nasl
41c41
< Reconfigure the affected application if possible to avoid use of
---
> If possible, reconfigure the affected application to avoid using
76d75
<
92,93d90
< EXPORT_STRENGTH = ++cat;
< labels[cat] = "Export Ciphers";
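Review bot: EXPORT_STRENGTH is dropped here and the only use visible in this patch is the one removed in the 407,408c404 hunk; please confirm nothing else in the plugin (report ordering, summary text, per-category loops) still refers to it. It would also help to note in the plugin description that export suites are now reported under the low-strength heading, so anyone comparing old and new scan output knows where they went.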
95c92
< labels[cat] = "Low Strength Ciphers (excluding export, < 128-bit key)";
---
> labels[cat] = "Low Strength Ciphers (< 128-bit key)";
407,408c404
< if (label =~ "\|export") cat = EXPORT_STRENGTH;
< else if (label =~ "Enc=None") cat = NULL_STRENGTH;
---
> if (label =~ "Enc=None") cat = NULL_STRENGTH;
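Review bot: with the `\|export` test gone from the first branch, export suites are classified purely by nbits further down, so this relies on nbits being the effective 40- or 56-bit size for those suites rather than a nominal one. The code that derives nbits is not in the diff; if it can ever return the nominal size for a label carrying the export flag, such a suite would be reported as medium or higher. Keeping a check like `if (label =~ "\|export") cat = LOW_STRENGTH;` ahead of the bit-length tests would make the result independent of that.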
418,419c414,415
< else if (nbits < 56) cat = LOW_STRENGTH;
< else if (nbits < 112) cat = MEDIUM_STRENGTH;
---
> else if (nbits < 128) cat = LOW_STRENGTH;
> else if (nbits == 128) cat = MEDIUM_STRENGTH;
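Review bot: the `nbits == 128` test on the second added line makes MEDIUM an exact match, and together with `nbits < 128` it moves every key size from 56 to 127 bits into LOW, including 112, which the old code passed to the branch after MEDIUM. That is a behaviour change beyond fixing the label mismatch: if the plugin records 3DES as 112 bits it will drop into LOW, and if it records 168 bits it goes to whatever follows MEDIUM, which is not visible in this diff. Please state the intended boundaries in a comment next to the labels so the label text and these tests cannot drift apart again, and say explicitly which category 112-bit ciphers should land in.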
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers