[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nmap-dev
Subject:    Re: SSL support in Ncat - confusing server parameters
From:       David Fifield <david () bamsoftware ! com>
Date:       2009-02-28 1:31:34
Message-ID: 20090228013133.GB8044 () gusto
[Download RAW message or body]

On Tue, Feb 17, 2009 at 10:08:37PM -0700, David Fifield wrote:
> On Sat, Feb 07, 2009 at 12:06:17PM +0100, Kristof Boeynaems wrote:
> > -------------------------------------------------------------------------
> > 1. Ncat as SSL server - confusing parameters
> > -------------------------------------------------------------------------
> > The only way I could Ncat get to work as SSL server is by specifying
> > all the SSL parameters, that is, not only --ssh, but also --ssl-key
> > and --ssl-cert.
> > E.g.
> > 
> >   ./ncat --ssl -l 1111 --ssl-cert
> > /usr/share/doc/libssl-dev/demos/sign/cert.pem --ssl-key
> > /usr/share/doc/libssl-dev/demos/sign/key.pem
> > 
> > (Note that I am using a certificate and key that comes with libssl-dev)
> > 
> > Now, the fact that the cert and key parameters have to be specified as
> > well, might sound obvious to SSL experts, but I forgot this in first
> > instance, and that returns some obscure errors, depending on the SSL
> > client used to connect to the Ncat server.
> 
> Maybe we should give instructions for generating a key and certificate,
> either in the warning message or in the documentation. I used this
> command to generate files for testing:
> 
> openssl req -new -x509 -keyout test-key.pem -out test-cert.pem
> 
> Is that all that's necessary, or should that command be adjusted before
> being committed to documentation? OpenSSL experts?

I added that command to the SSL section.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
[prev in list] [next in list] [prev in thread] [next in thread]