1

I'm trying to write/modify a Metasploit module to find out which ciphers are supported by a server (for scanning purposes). Will I have to enumerate the ciphers by trying them all out, or is there a way I can request from the server which ciphers it supports?

So far I've only been able to find out which modules are supported by my local openssl version.

When I want to read information about a certificate, I can do it using:

```ruby
cert = OpenSSL::X509::Certificate.new(sock.peer_cert)
print_status("#{ip}:#{rport} Public Key: #{cert.public_key}")
```

Is there something similar for ciphers?

user857990

2 Answers

2

So unless there is this one request, which I still don't know - I guess this here is a pretty good description of how to enumerate the server's supported ciphers:

http://gursevkalra.blogspot.ch/2009/09/ruby-and-openssl-based-ssl-cipher.html

user857990
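
The enumeration approach this answer points to, as an added example that is not part of the original post or the linked article: each probe offers exactly one suite and records whether the server completes the handshake. The function names are hypothetical, the candidates are limited to what the local OpenSSL build can offer, and probes are capped at TLS 1.2 because OpenSSL cipher strings do not select TLS 1.3 suites.

```ruby
require 'openssl'
require 'socket'
require 'timeout'

# Names of every suite the *local* OpenSSL build can offer. The scan cannot
# detect a server suite that the scanning host itself does not implement.
def local_cipher_names
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = 'ALL:COMPLEMENTOFALL'
  ctx.ciphers.map(&:first)
end

# Offer exactly one suite. Returns [name, protocol, bits, alg_bits] if the
# server completes the handshake with it, nil if it refuses or is unreachable.
def probe_cipher(host, port, cipher, timeout: 3)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE     # inventory only, no trust decision
  ctx.max_version = OpenSSL::SSL::TLS1_2_VERSION  # cipher strings cover TLS <= 1.2
  ctx.ciphers = cipher                            # SSLError if the name is unusable
  tcp = Socket.tcp(host, port, connect_timeout: timeout)
  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  ssl.hostname = host                             # send SNI for virtual hosts
  Timeout.timeout(timeout) { ssl.connect }
  ssl.cipher
rescue OpenSSL::SSL::SSLError, SystemCallError, SocketError, IOError, Timeout::Error
  nil
ensure
  tcp&.close
end

# One handshake per candidate; keeps only the suites the server accepted.
def enumerate_ciphers(host, port, candidates = local_cipher_names)
  candidates.map { |name| probe_cipher(host, port, name) }.compact
end

# Command-line use: ruby scan.rb HOST PORT (the script name is an assumption)
if __FILE__ == $PROGRAM_NAME && ARGV.size == 2
  enumerate_ciphers(ARGV[0], Integer(ARGV[1])).each do |name, proto, bits, _|
    puts format('%-8s %4d bits  %s', proto, bits, name)
  end
end
```
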
-1

You first load all the ciphers with `OpenSSL_add_all_ciphers`, then you can interrogate about individual ciphers with `EVP_get_cipherbyname`. There are ways to enumerate the ciphers, e.g. using `OBJ_NAME_do_all_sorted`.

Ruby's OpenSSL module has a hardcoded list:

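```ruby
# Excerpt from Ruby's OpenSSL library: one Cipher subclass per hardcoded algorithm name
class Cipher
  %w(AES CAST5 BF DES IDEA RC2 RC4 RC5).each{|name|
    klass = Class.new(Cipher){
      define_method(:initialize){|*args|
        # Joins the arguments onto the name, e.g. AES + (128, :CBC) -> "AES-128-CBC"
        cipher_name = args.inject(name){|n, arg| "#{n}-#{arg}" }
        super(cipher_name)
      }
    }
    const_set(name, klass)  # registers Cipher::AES, Cipher::CAST5, ...
  }
end
```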

PS. Obviously there is the ciphers command, but that is no fun.

Remus Rusanu
  • Do I understand correctly that this only applies when you execute it on the server? My question is geared towards scanning from outside. I just edited the question to make it easier to understand: Will I have to enumerate the ciphers by trying them all out, or is there a way I can request from the server which ciphers it supports? – user857990 Dec 05 '12 at 09:54
  • Are you asking which ciphers does the server support (requires you to run the code on server) or which ciphers does *an SSL handshake support* ? – Remus Rusanu Dec 05 '12 at 10:28
  • `sslscan --no-failed server:port` returns a list with the title _Supported Server Cipher(s)_. Basically I want to read that information, but with Ruby. Is enumeration the only possibility? – user857990 Dec 05 '12 at 10:35