
2.1.6

@rbsec rbsec released this 05 Dec 13:42

Newer versions of OpenSSL flag the CCM8 cipher suites (such as AES256-CCM8/TLS_DHE_RSA_WITH_AES_256_CCM_8) as having a strength of 64 bits due to the short authentication tag, as discussed here:

openssl/openssl#16652

This meant that if sslscan was statically built against older versions of OpenSSL, these ciphers would show up as 128/256 bits, but if it was built against a newer version (as Kali does for their package) they would show up as 64 bit. To work around this, we manually set the strength for these ciphers to 64 bit (regardless of what the version of OpenSSL we're building against thinks it is), so that all versions should return consistent results.
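
The override described above, sketched as an added example that is not sslscan's own code: the reported strength is forced to 64 for CCM8 suites whatever the linked library returned, and left alone for everything else. The function names `is_ccm8_suite` and `normalized_bits`, and the choice to identify the suites by name, are assumptions made for illustration; the sample rows are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if the suite name denotes a CCM suite with
 * the short 8-byte tag. Accepts OpenSSL-style names (ending in "CCM8") and
 * IANA-style names ("_CCM_8" at the end or followed by '_'). */
int is_ccm8_suite(const char *name)
{
    size_t len = strlen(name);
    const char *p;

    if (len >= 4 && strcmp(name + len - 4, "CCM8") == 0)
        return 1;
    p = strstr(name, "_CCM_8");
    if (p != NULL && (p[6] == '\0' || p[6] == '_'))
        return 1;
    return 0;
}

/* Hypothetical helper: strength to display. CCM8 suites are pinned to 64 bits
 * regardless of the library's value; other suites keep the library's value. */
int normalized_bits(const char *name, int reported_bits)
{
    return is_ccm8_suite(name) ? 64 : reported_bits;
}

int main(void)
{
    /* Constructed sample: bits as an older and a newer library build report them. */
    static const struct { const char *name; int old_bits, new_bits; } rows[] = {
        { "AES256-CCM8",                    256,  64 },
        { "TLS_DHE_RSA_WITH_AES_256_CCM_8", 256,  64 },
        { "DHE-RSA-AES128-CCM8",            128,  64 },
        { "AES256-CCM",                     256, 256 }, /* full-length tag: untouched */
        { "ECDHE-RSA-AES256-GCM-SHA384",    256, 256 },
    };
    size_t i;

    for (i = 0; i < sizeof rows / sizeof rows[0]; i++)
        printf("%-32s old build: %3d -> %3d   new build: %3d -> %3d\n",
               rows[i].name,
               rows[i].old_bits, normalized_bits(rows[i].name, rows[i].old_bits),
               rows[i].new_bits, normalized_bits(rows[i].name, rows[i].new_bits));
    return 0;
}
```

After normalization both columns agree for every row, which is the consistency across builds that the release note is after.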