Nmap Developmentmailing list archives
NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25
From: Tom Sellers <nmap () fadedcode net>
Date: Thu, 01 Oct 2009 18:21:25 -0500
Ok, I have been messing around with trying to pull the SSL cert that isbeing used for the TLS connection over port 25. After a couple questionsfrom David I have basically decided that I am probably making this muchharder than it has to be and wasting time.Basically I am trying to gather information about the SSL certificate thatis being used for a SMTP over TLS connection on port 25. The problem is thatthe session starts out non-SSL. Once the connection is made, and if theserver supports it, the client issues the STARTTLS command and then a TLSconnection is negotiated.This port is different than 465 where the whole conversation starts out andis encapsulated with SSL/TLS.I have tried connecting to port 25 with a socket, getting to STARTTLS andthen trying to use get_ssl_certificate() but I think at that point it expectsthat the SSL tunnel has already been negotiated.My last effort involved modifying ssl-cert.nse to work on port 25, thenif the SSL session errored out on port 25/smtp I would open a fresh socket,toss EHLO at it, vet the response and then send STARTTLS. If that is allgood I tried grabbing the cert..Any thoughts on kicking off the SSL negotiation on a existing socket or anything else that would help for that matter.Thanks much,Tom_______________________________________________Sent through the nmap-dev mailing listhttp://cgi.insecure.org/mailman/listinfo/nmap-devArchived athttp://SecLists.Org
Current thread:
- NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25Tom Sellers (Oct 01)
- Re: NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25kx (Oct 01)
- Re: NSE: Need advice on pulling SSL cert used for TLS connectionoverSMTP port 25Tom Sellers (Oct 02)
- Re: NSE: Need advice on pulling SSL cert used for TLSconnection over SMTP port 25SM (Oct 02)
- Re: NSE: Need advice on pulling SSL cert used for TLS connectionoverSMTP port 25Tom Sellers (Oct 03)
- Re: NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25Patrick Donnelly (Oct 04)
- Re: NSE: Need advice on pulling SSL cert used for TLS connectionoverSMTP port 25Tom Sellers (Oct 04)
- Re: NSE: Need advice on pulling SSL cert used for TLS connectionoverSMTP port 25Tom Sellers (Oct 04)
- Re: NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25Fyodor (Oct 04)
- Re: NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25Patrick Donnelly (Oct 06)
- Re: NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25Patrick Donnelly (Oct 04)
- Re: NSE: Need advice on pulling SSL cert used for TLS connection overSMTP port 25kx (Oct 01)