Open jordantrc opened 6 years ago
I've seen this issue when the server requires a client certificate (which sslscan doesn't have), but I think a number of things could cause it.
If it's still an issue for you in 2019 and you have the inclination to test, I've submitted a pull request that will display the underlying SSL error here: https://github.com/rbsec/sslscan/pull/179
...however it doesn't address the "client certificate" case.
You might just see:
SSL_get_error(ssl, cipherStatus) returned: 1 (SSL_ERROR_SSL) [sslscan.c:testCipher@1584]:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
...which is caused by testing for SSLv3 against a server that doesn't support SSLv3.
I have the same issue, the error is SSL_get_error(ssl, cipherStatus) returned: 5 (SSL_ERROR_SYSCALL)
No issues under WSL/Linux; no issues with testssl.sh under MSYS/MinGW using a MinGW build of Peter Mosman's OpenSSL. The only other case with issues is SSLyze, but I haven't tried debugging that to confirm if it's the same problem causing it.
To reproduce it, scan a server started like this using a Windows version of sslscan:
export KEYDIR=.
openssl req -x509 -nodes -sha1 -newkey rsa:1024-keyout selfsigned.key -out selfsigned.crt -days 9999
openssl dhparam -out dhparam.pem 512
openssl s_server -4 -accept 8081 -www -cert $KEYDIR/selfsigned.crt -key $KEYDIR/selfsigned.key -dhparam $KEYDIR/dhparam.pem -cipher "ALL:eNULL:ADH:EXPORT"
When scanning a host without --verbose, I get an empty list of Supported Server Cipher(s). When I add the --verbose option, I get three "SSL_get_error(ssl, cipherStatus) said: 1" errors in the Supported Server Cipher(s) list.
I'm able to use the nmap ssl-enum-ciphers script to enumerate the ciphers without issue, see below:
Is it possible to get anymore verbosity out of the sslscan application? Has this error been encountered before and is there a workaround or other mitigation?
Thanks for any help you can provide. Jordan