Library tls

A library providing functions for doing TLS/SSL communications

These functions will build strings and process buffers. Socket communication is left to the script to implement.

Author:
"Daniel Miller <bonsaiviking@gmail.com>"

Source: http://nmap.org/svn/nselib/tls.lua

Functions

cipher_info (c)

Get info about a cipher suite

client_hello (t)

Build a client_hello message

record_buffer (sock, buffer, i)

Get an entire record into a buffer

record_read (buffer, i)

Read an SSL/TLS record

record_write (type, protocol, b)

Build an SSL/TLS record

rsa_equiv (ktype, bits)

Get the strength-equivalent RSA key size



Functions

cipher_info (c)

Get info about a cipher suite

Returned table has "kex", "cipher", "mode", "size", and "hash" keys, as well as boolean flag "draft". The "draft" flag is only supported for some suites that have different enumeration values in draft versus final RFC.

Parameters

  • c: The cipher suite name, e.g. TLS_RSA_WITH_AES_128_GCM_SHA256

Return value:

A table of info as described above.

client_hello (t)

Build a client_hello message

The options table has the following keys:

  • "protocol" - The TLS protocol version string
  • "ciphers" - a table containing the cipher suite names. Defaults to the NULL cipher
  • "compressors" - a table containing the compressor names. Default: NULL
  • "extensions" - a table containing the extension names. Default: no extensions

Parameters

  • t: Table of options

Return value:

The client_hello record as a string

record_buffer (sock, buffer, i)

Get an entire record into a buffer

Caller is responsible for closing the socket if necessary.

Parameters

  • sock: The socket to read additional data from
  • buffer: The string buffer holding any previously-read data (default: "")
  • i: The position in the buffer where the record should start (default: 1)

Return values:

  1. status: Socket status
  2. Buffer containing at least 1 record if status is true
  3. Error text if there was an error

record_read (buffer, i)

Read an SSL/TLS record

Parameters

  • buffer: The read buffer
  • i: The position in the buffer to start reading

Return values:

  1. The current position in the buffer
  2. The record that was read, as a table

record_write (type, protocol, b)

Build an SSL/TLS record

Parameters

  • type: The type of record ("handshake", "change_cipher_spec", etc.)
  • protocol: The protocol and version ("SSLv3", "TLSv1.0", etc.)
  • b: The record body

Return value:

The SSL/TLS record as a string

rsa_equiv (ktype, bits)

Get the strength-equivalent RSA key size

Based on NIST SP800-57 part 1 rev 3

Parameters

  • ktype: Key type ("dh", "ec", "rsa", "dsa")
  • bits: Size of key in bits

Return value:

Size in bits of RSA key with equivalent strength
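
Example

An example script, added here and not taken from tls.lua or the Nmap distribution, that combines cipher_info, client_hello, record_buffer and record_read to send one ClientHello and report the first record that comes back. The nmap socket calls and the shortport.ssl rule come from the standard NSE libraries; the "type" and "protocol" fields read from the record table are an assumption, since the documentation above does not list the table's keys.

```lua
-- Added example; not part of tls.lua or the Nmap distribution.
local nmap = require "nmap"
local shortport = require "shortport"
local tls = require "tls"

description = [[Sends one ClientHello and reports the type of the first record returned.]]
categories = {"safe", "discovery"}
portrule = shortport.ssl

local SUITE = "TLS_RSA_WITH_AES_128_GCM_SHA256"

action = function(host, port)
  -- cipher_info returns the documented "kex", "cipher", "mode", "size", "hash" keys.
  local info = tls.cipher_info(SUITE)
  local hello = tls.client_hello({
    protocol = "TLSv1.2",
    ciphers = {SUITE},
    compressors = {"NULL"},
  })

  -- The library only builds and parses strings, so the script owns the socket.
  local sock = nmap.new_socket()
  sock:set_timeout(5000)
  local ok, err = sock:connect(host, port)
  if not ok then return "connect failed: " .. tostring(err) end
  ok, err = sock:send(hello)
  if not ok then
    sock:close()
    return "send failed: " .. tostring(err)
  end

  -- record_buffer reads until the buffer holds at least one whole record.
  local status, buffer, rerr = tls.record_buffer(sock, "", 1)
  sock:close() -- closing the socket is the caller's responsibility
  if not status then return "no record received: " .. tostring(rerr) end

  local _, record = tls.record_read(buffer, 1)
  if not record then return "could not parse the record" end
  -- Assumption: the record table has "type" and "protocol" fields.
  return ("offered %s (kex=%s, cipher=%s); first record: %s over %s"):format(
    SUITE, tostring(info.kex), tostring(info.cipher),
    tostring(record.type), tostring(record.protocol))
end
```

A server that does not accept the single offered suite will normally answer with an alert record rather than a handshake record, which the script reports the same way.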
