Hi All,

Is there a way to get one of those fancy tool in nmap to tell me the "level" (version) of SSL and/or TLS that a web site is using?

The script for ssl in nmap does not deal with ssl v3.

Try this instead:

https://github.com/drwetter/testssl.sh.git

This gives you all sorts of information about the ssl version and much more.

--- Q: Why do programmers confuse Halloween and Christmas? A: Because OCT 31 == DEC 25.

On 1/22/22 12:18, alan@clueserver.org wrote:

The script for ssl in nmap does not deal with ssl v3.

At this point, if you see anything less than TLS 1.2, you should treat it as a bug.

This didn't work for me

On 1/23/22 01:33, Francis.Montagnac@inria.fr wrote:

Hi

On Sat, 22 Jan 2022 12:27:30 -0800 Gordon Messmer wrote:

...

The "ssl-enum-ciphers" script will enumerate TLS versions and cipher sets for each version.

The sslscan command does also that I think. Haven't compare them.

I LOVE that command!!! Thank you!

Here is trustwave.com's web site. You know, the ones always shaking the figure at you for not being PCI (Payment Card Industry) compliant. Good thing they do not take credit cards on that site!

$ sslscan trustwave.com Version: 2.0.6-static OpenSSL 1.1.1g 21 Apr 2020

Connected to 40.74.245.244

Testing SSL server trustwave.com on port 443 using SNI name trustwave.com.

SSL/TLS Protocols: SSLv2 disabled SSLv3 disabled TLSv1.0 enabled TLSv1.1 enabled TLSv1.2 enabled TLSv1.3 disabled

TLS Fallback SCSV: Server does not support TLS Fallback SCSV

TLS renegotiation: Secure session renegotiation supported

TLS Compression: Compression disabled

Heartbleed: TLSv1.2 not vulnerable to heartbleed TLSv1.1 not vulnerable to heartbleed TLSv1.0 not vulnerable to heartbleed

Supported Server Cipher(s): Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve 25519 DHE 253 Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.2 256 bits AES256-GCM-SHA384 Accepted TLSv1.2 128 bits AES128-GCM-SHA256 Accepted TLSv1.2 256 bits AES256-SHA256 Accepted TLSv1.2 128 bits AES128-SHA256 Accepted TLSv1.2 256 bits AES256-SHA Accepted TLSv1.2 128 bits AES128-SHA Accepted TLSv1.2 112 bits DES-CBC3-SHA Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.1 256 bits AES256-SHA Accepted TLSv1.1 128 bits AES128-SHA Accepted TLSv1.1 112 bits DES-CBC3-SHA Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253 Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253 Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 1024 bits Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 1024 bits Accepted TLSv1.0 256 bits AES256-SHA Accepted TLSv1.0 128 bits AES128-SHA