You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If OpenSSL supports SSLv2, then Nsock tries to use a SSLv2-compatible handshake first, and if that fails, it closes the socket, reopens it, and restarts the handshake with SSL_OP_NO_SSLv2. This breaks all the scripts that rely on sslcert.lua's specialized SSL connection functions (a.k.a. STARTTLS), since in those cases, the specialized setup handshake has to happen for each TCP connection opened.
A possible fix for this would be to remove this fallback from Nsock and give the application (Nmap or NSE) finer-grained control over SSL options. It would be more of a pain and mean we'd be writing this fallback code in multiple places, but otherwise I don't see how to handle it for the STARTTLS case.
The text was updated successfully, but these errors were encountered:
If OpenSSL supports SSLv2, then Nsock tries to use a SSLv2-compatible handshake first, and if that fails, it closes the socket, reopens it, and restarts the handshake with SSL_OP_NO_SSLv2. This breaks all the scripts that rely on sslcert.lua's specialized SSL connection functions (a.k.a. STARTTLS), since in those cases, the specialized setup handshake has to happen for each TCP connection opened.
A possible fix for this would be to remove this fallback from Nsock and give the application (Nmap or NSE) finer-grained control over SSL options. It would be more of a pain and mean we'd be writing this fallback code in multiple places, but otherwise I don't see how to handle it for the STARTTLS case.
The text was updated successfully, but these errors were encountered: