Renaud, thank you very much for the prompt response.  A couple of
follow-ups:

>> 2)  Does the test actually test for all three of the original bugs,
>> CAN-2003-0545, CAN-2003-0543, and CAN-2003-0544 as well as the later
>> from November CAN-2003-0851?
>
> No, it checks for _none_ of these bugs (as it would be otherwise
> destructive).

Okay, I think I was confused because the ssltest.nasl has the following:

script_cve_id("CAN-2003-0543", "CAN-2003-0544", "CAN-2003-0545");

I understand the part about sending an "unsolicited" certificate, but I
was misled somewhat by the CANs above.  Clearly, if you can't send an
unsolicited certificate, you can't send a bogus one, but what if the web
server actually REQUIRES a valid client cert, but still has the bugs?  In
this case, wouldn't it gladly take the cert offered, but still have the
bug, resulting in the ssltest.nasl not correctly identifying the bug?

> You'd need to do "SSL fingerprinting" - send on-the-edge SSL requests
> (on the edge protocol-wise), and look at how the remote SSL stack
> responds

I am guessing that you are not aware of anything that does this already? 
Being not nearly as smart as most of the developers who have a clue, I
wouldn't have the know-how (let alone the time) to do this myself :)

Thanks,

Mark Lachniet


_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
