CiscoCXSecurity / ssl-cipher-suite-enum

ssl-cipher-suite-enum is a Perl script to enumerate the SSL cipher suites supported by network services (principally HTTPS).
GNU General Public License v2.0

Does not support SNI #3

Open xkill opened 8 years ago

xkill commented 8 years ago

The actual version does not support SNI: https://es.wikipedia.org/wiki/Server_Name_Indication

So it does not work fine if there are several SSL configurations for different hostnames.

AntGarSil commented 8 years ago

Do you mean it doesn't work against the IP or against each independent SNI domain? For it to work against the IP I guess a reverse lookup should be implemented (you can always do it yourself and feed it to ssl-cipher-enum). If it doesn't work against the domain it's another story.

xkill commented 7 years ago

Against independent hostnames:

For example, you can have an IP address with several virtual hosts and different SSL configurations for each host by taking advantage of SNI on TLS.

So ssl-cipher-suite-enum always tests against the default SSL configuration of the server without checking the TLS ciphers using different hostnames on the SNI.
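What the thread is asking for, as an added example that is not code from ssl-cipher-suite-enum or from any commenter: a per-virtual-host audit has to put the hostname in the `server_name` extension (RFC 6066) of each ClientHello, otherwise the server answers with its default configuration. The function names and the hostname in the constructed sample are assumptions; the sketch builds a TLS 1.2 ClientHello offering one cipher suite and parses it back to confirm the name is on the wire.

```python
import os
import struct
from typing import Optional

def sni_extension(hostname: str) -> bytes:
    """server_name extension (RFC 6066) carrying a single host_name entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0x0000, len(name_list)) + name_list

def client_hello(cipher_suite: int, hostname: Optional[str] = None) -> bytes:
    """TLS 1.2 ClientHello offering exactly one cipher suite, SNI optional."""
    body = (
        b"\x03\x03" + os.urandom(32)      # client_version, random
        + b"\x00"                         # empty session_id
        + struct.pack("!HH", 2, cipher_suite)
        + b"\x01\x00"                     # one compression method: null
    )
    if hostname:
        ext = sni_extension(hostname)
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def parse_sni(record: bytes) -> Optional[str]:
    """Return the host_name a ClientHello record carries, or None."""
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # session_id
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2 + n                          # cipher_suites
    pos += 1 + record[pos]                # compression_methods
    if pos >= len(record):
        return None                       # no extensions: server uses its default vhost
    (total,) = struct.unpack_from("!H", record, pos)
    pos += 2
    end = pos + total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 0x0000:            # server_name
            (name_len,) = struct.unpack_from("!H", record, pos + 3)
            return record[pos + 5 : pos + 5 + name_len].decode("ascii")
        pos += ext_len
    return None

if __name__ == "__main__":
    # Constructed sample: hostname and suite (0xC02F) are illustrative only.
    print(parse_sni(client_hello(0xC02F, "shop.example.test")))
    print(parse_sni(client_hello(0xC02F)))
```

Repeating the same cipher-suite sweep once per hostname served from the IP, and once with no SNI at all, shows where a virtual host's TLS policy differs from the server default.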