使用 nmap 对 SSL 协议进行检测,SSL协议存在弱加密算法。( nma
-sV -p 443--script ssl-enum-ciphers om.apuscn.com)
# nmap -sV -p 443 --script ssl-enum-ciphers cax.xx.cn Starting Nmap 6.40 ( http://nmap.org ) at 2024-03-12 14:55 CST Nmap scan report for cax.xx.cn (109.244.8.232) Host is up (0.013s latency). Other addresses for cax.xx.cn (not scanned): 10x.x.xx.234 PORT STATE SERVICE VERSION 443/tcp open ssl/https? | ssl-enum-ciphers: | SSLv3: No supported ciphers found | TLSv1.0: | ciphers: | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong | compressors: | NULL | TLSv1.1: | ciphers: | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong | compressors: | NULL | TLSv1.2: | ciphers: | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA256 - strong | TLS_RSA_WITH_AES_128_CCM - strong | TLS_RSA_WITH_AES_128_CCM_8 - strong | TLS_RSA_WITH_AES_128_GCM_SHA256 - strong | TLS_RSA_WITH_AES_256_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA256 - strong | TLS_RSA_WITH_AES_256_CCM - strong | TLS_RSA_WITH_AES_256_CCM_8 - strong | TLS_RSA_WITH_AES_256_GCM_SHA384 - strong | TLS_RSA_WITH_ARIA_128_GCM_SHA256 - strong | TLS_RSA_WITH_ARIA_256_GCM_SHA384 - strong | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - strong | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - strong | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - strong | compressors: | NULL |_ least strength: strong 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi : SF-Port443-TCP:V=6.40%T=SSL%I=7%D=3/12%Time=65EFFC5F%P=x86_64-redhat-linux SF:-gnu%r(GetRequest,CC,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\x20op SF:enresty\r\nDate:\x20Tue,\x2012\x20Mar\x202024\x2006:55:27\x20GMT\r\nCon SF:tent-Type:\x20text/html;\x20charset=UTF-8\r\nConnection:\x20close\r\nVa SF:ry:\x20Accept-Encoding\r\nAccess-Control-Allow-Credentials:\x20true\r\n SF:\r\n")%r(HTTPOptions,CC,"HTTP/1\.1\x20404\x20Not\x20Found\r\nServer:\x2 SF:0openresty\r\nDate:\x20Tue,\x2012\x20Mar\x202024\x2006:55:33\x20GMT\r\n SF:Content-Type:\x20text/html;\x20charset=UTF-8\r\nConnection:\x20close\r\ SF:nVary:\x20Accept-Encoding\r\nAccess-Control-Allow-Credentials:\x20true\ SF:r\n\r\n")%r(RTSPRequest,9A,"<html>\r\n<head><title>400\x20Bad\x20Reques SF:t</title></head>\r\n<body>\r\n<center><h1>400\x20Bad\x20Request</h1></c SF:enter>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n")%r( SF:RPCCheck,12F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nServer:\x20openrest SF:y\r\nDate:\x20Tue,\x2012\x20Mar\x202024\x2006:55:33\x20GMT\r\nContent-T SF:ype:\x20text/html\r\nContent-Length:\x20154\r\nConnection:\x20close\r\n SF:\r\n<html>\r\n<head><title>400\x20Bad\x20Request</title></head>\r\n<bod SF:y>\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>op SF:enresty</center>\r\n</body>\r\n</html>\r\n")%r(DNSVersionBindReq,12F,"H SF:TTP/1\.1\x20400\x20Bad\x20Request\r\nServer:\x20openresty\r\nDate:\x20T SF:ue,\x2012\x20Mar\x202024\x2006:55:33\x20GMT\r\nContent-Type:\x20text/ht SF:ml\r\nContent-Length:\x20154\r\nConnection:\x20close\r\n\r\n<html>\r\n< SF:head><title>400\x20Bad\x20Request</title></head>\r\n<body>\r\n<center>< SF:h1>400\x20Bad\x20Request</h1></center>\r\n<hr><center>openresty</center SF:>\r\n</body>\r\n</html>\r\n")%r(DNSStatusRequest,12F,"HTTP/1\.1\x20400\ SF:x20Bad\x20Request\r\nServer:\x20openresty\r\nDate:\x20Tue,\x2012\x20Mar SF:\x202024\x2006:55:33\x20GMT\r\nContent-Type:\x20text/html\r\nContent-Le SF:ngth:\x20154\r\nConnection:\x20close\r\n\r\n<html>\r\n<head><title>400\ SF:x20Bad\x20Request</title></head>\r\n<body>\r\n<center><h1>400\x20Bad\x2 SF:0Request</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n SF:</html>\r\n")%r(Help,12F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nServer: SF:\x20openresty\r\nDate:\x20Tue,\x2012\x20Mar\x202024\x2006:55:33\x20GMT\ SF:r\nContent-Type:\x20text/html\r\nContent-Length:\x20154\r\nConnection:\ SF:x20close\r\n\r\n<html>\r\n<head><title>400\x20Bad\x20Request</title></h SF:ead>\r\n<body>\r\n<center><h1>400\x20Bad\x20Request</h1></center>\r\n<h SF:r><center>openresty</center>\r\n</body>\r\n</html>\r\n"); Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 27.18 seconds
标签:TLS,CBC,AES,RSA,安全,strong,SF From: https://www.cnblogs.com/machangwei-8/p/18068331