nmap未报告server.xml中包含的密码

时间:2019-07-19 18:38:00

标签: tls1.2 windows-server-2012 server.xml tomcat8.5

不明白为什么nmap没有报告所有其他密码。 Windows Server 2012 R2上的TOMCAT 8.5,JSSE实施。

现在已经为此奋斗了几天。也许我缺少一些基本的东西? 谢谢

我添加了,删除了密码都没有用。仅报告了一些具体的信息。

对于Windows Server 2012 R2上的TOMCAT8.5,我具有以下server.xml配置。

<Connector 
    protocol="org.apache.coyote.http11.Http11NioProtocol" 
    port="443" 
    maxThreads="500" 
    scheme="https" 
    secure="true" 
    SSLEnabled="true" 
    server="Apache">
    <SSLHostConfig 
        honorCipherOrder="true"
        ciphers="TLS_RSA_WITH_AES_128_CBC_SHA256,
            TLS_RSA_WITH_AES_128_CBC_SHA,
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
            TLS_RSA_WITH_AES_128_GCM_SHA256, 
            TLS_RSA_WITH_AES_128_CBC_SHA256,
            TLS_RSA_WITH_AES_128_CBC_SHA,
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
            TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
            TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
            TLS_RSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
            TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
                            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
                            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"   
            protocols="TLSv1.2" 
            certificateVerification="false"
            truststoreFile="/conf/jssecacerts"
            truststorePass="<changeit>">
        <Certificate 
            certificateKeyAlias="<alias>"
            certificateKeystoreFile="conf/<app>.keystore" 
            certificateKeystorePassword="<changeit>" 
            type="RSA" />

    </SSLHostConfig>
</Connector>

我跑步时

nmap --script ssl-enum-ciphers -p 443 <hostname> 

要验证可用的密码,我只会看到以下内容:

Host is up (0.0010s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|     warnings:
|       Key exchange (dh 1024) of lower strength than certificate key
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 4.20 seconds

0 个答案:

没有答案