Vulners
Lucene search
#TRUSTED 1a77cb1bdd2c0b36030a8beba4ea672f6998990838e501c98a9eafa8ecd66eb5eb3c9e16bec8bcf777773ca29ff189b2521e3b6012ccbe2f69267dd2ecdbcc1a8a9a7ec7a6a126f89a0759039c3af23467600aa6517e8b7e892441948c5b23ada9bb8bc17e6787fb895548cae6e1d26d8d72e187cae880fcee2a979c9c814e9639db79702fcf517dd9700eacc92924a5954dce8cb337f9acadc566df6a8ccf599c039df6e263d2be9ee994d2adf4f6311028ae610e77bc618bb8b9b852fd1473cf8ddc19086d77bb4990fa3d84047feb1378ee6d305e518181f912134b5745b706c2f427e4ffccea7a9df32f0d2fe2fa746de42ed6e36dd5d54060c115cd5c1c48354fc3aa3a6976462387e93224a673a87e93302089124df79c47097881dbee7d5602dbb6877254b46b07c8fab87b6d1ab2ed7a385b829f005946e65e1986a36945541354ce0365b57a419609be0d5498c878e9e4ba97914702b4930f662ed7f0f0720093bfcf42754b071403ef766ef3508edfa86a3f3d9a80da04af1a0bb1ecaaa723cbe0d63504a81b4480245e6f72702bddeadf59082fbd564fe0d1396042a0e3216021ec170617e4e63a8da93d2fad7c541e1116efc9c717b5d81f459fd595aeab5b06bc333d8abe64175e9cb41b391e5d936028745f7c2520e6f84521cc5afa097b25fbb3ad5c966e9a5fe040aa0fbb2d2ace162b40fafa73b8ff9c23
#TRUST-RSA-SHA256 8e7068b83d73058e3971058959e0d9f3dafdd88542a303230634a09bacde47ee773b410657718d08c29edd430dfa03373d89c0e15e8bce11b433bd836cd867bb0f496757cefdd8f98c11d97b9ff13a3e36cf4f95e4306daa28be5b7bd7e95a9ff45a56ca803e349bbce3a1e05a8d9ec88a3c07b884f8b14e72f65e244e4dbaf71aa79965061e054843cb364285df41728ace98be651d4140a662e859590ae55e3a41a5bf73eec688cbceffbfbbb3d1c042cc15fd3484e33dc8005e74f3ea7f0137b1cbb8b67974a80be2b5afb2a216ec7737b1884b6c021b6a29c13d4f10565faf130273781970044a178a84f2474a4f673e5543684f11d3535a61936d4520987b496c90fbb53b364ed84a0baa717af88ae98be70412d48a6a88d16df1c23327b1709b08b1c11312d2d0e52b5bf77d0661aceeef6ecb0f62ea79c40a3fdf725c1614036c1d858c400f84ddc3a87a0279a58807a71e0cdda0195c611a5f3ebeb394298983a56e5ba4fb459cc3487d42d6f04ae041c581207e87e0f71dfcdb2baa352548f0d3fbc1d313ffbb4f2d43aefd86b545ec49f3d41fe660ef981511ce4919fd242335dd1910538c88e6595d432c65a5cf228a33b8aa2e37ff11fa447c57c43ba5fc6fddc15d64590967180041ad143e7478b17f7d0c0e573b52972c4a29b3a841d356003cad199e3f5d86185a7d92dd7ce321ab91f8df4cc16802cb814b
#%NASL_MIN_LEVEL 80900
#TRUST-RSA-SHA256
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if(description)
{
script_id(277654);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/15");
script_name(english:"TLS Supported Groups");
script_set_attribute(attribute:"synopsis", value:
"The remote service negotiates TLS supported curve groups.");
script_set_attribute(attribute:"description", value:
"This plugin detects which TLS supported groups entries are supported
by the remote service.");
script_set_attribute(attribute:"solution", value:"n/a");
script_set_attribute(attribute:"risk_factor", value:"None");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/12/08");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"General");
script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssl_supported_ciphers.nasl");
script_require_keys("SSL/Supported");
script_timeout(60 * 60);
exit(0);
}
include("ssl_funcs.inc");
include("lists.inc");
##
# Creates an array of hard-coded public keys for use in deriving key
# agreement support in the absence of engine functions for ML-KEM.
#
# @param [groups:list] A list of groups.
#
# @return [array] A dictionary mapping groups to hard-coded public keys.
##
function get_public_keys_by_groups(groups)
{
var public_keys = {};
for(var group of groups)
{
switch(group)
{
case 0x1d:
public_keys[group] = hex2raw(s:
'd235a6458ecf54db04408a9ae280e66709e9df4a064cd0316de7fb9d84681256');
break;
case 0x11eb:
public_keys[group] = hex2raw(s:
'0470514fd00b8012b05f4072177ed269f5b7548360efd97e0910cd13b92abad6' +
'c487c4f28c40c6eb65f130abfa968e3b4af2fb4228630394c6f8fb084b22e29b' +
'bf327bce35ec6604861a0670bceea0aca3014de120c1dfdb6a80b78f1b57264e' +
'ac60fcd5769ab97f71396097a6cafe25273012af18fac91329370b8c2fa2fa8d' +
'7a1b0054e02ea1e10b4f127f3b7ab821a2cb13782be4286b63360d23431620c1' +
'c18f625541c46a05f79ee5b9148b74bc533696465c32b48805a4f2404d9c06fe' +
'1b20d5775bdb40cda4f8cb7aa63e81122d1268a5ee2bbfa65526f4ca67f97c2b' +
'4de56606816ca0938c40a8360e7a4dcce055124072bdd7337df02eede8b3f5bc' +
'33f7f338dd781498d4c72592a422e348e5e98b255a7aff67c1f3fb03d31c00a1' +
'13a6cc479f3e6a783d193f5e9c10b933732f0a75aed22cab99cbd9855687a950' +
'509a6791763ae0e452b2533e0bb4a6c6116efc9c4a93eb42e1a06fdab7c3ce46' +
'cc3b3231077a40e573ab71fc13dbe10b49fcc0b3024fc73082c1e083e83c7bc0' +
'b7c6e16aaeb118c227c72f17acc64af56676e3c407d45057cc21ce702277f217' +
'ced19173594b7368ace409050bac4e1cc7051f8522e43320b5e777ece1bd8e33' +
'28f9d98cfe62cbbdb87f23e8c16152688f942cf096c714b34dbdc38424914edd' +
'e73d021342beb24098c8871ac24cd3d30685838296c4214b4b9ec712a884f96a' +
'3f511165824e7d252dae1ca959585694c3a37f0b13a41aa917f45a72c4cf76d0' +
'0aa2b0a0623c59d18381a835af18a7462487a5d07accb0602c4f2723594121a4' +
'9006156c65d0ccce4faca653ac3474c4ab74983d78e147eb964f8e839dfd051e' +
'71567fe0c9a24b86780e61aa77465f63a810ec226101199f8e53c1152a3626c3' +
'5ff43c2f307bcca8800d1d1735e1168f06c3c23f6378053bc2f95161563bbbed' +
'33909b87b1c16b462f521e7550bec5d554df140b6ed5b80848999bebacf68563' +
'acebbc73e932aa62c1631759355c2e78414156cb17134633c5ca0f7948688983' +
'46c47a6187c0652d4b4483201443d5c992677007bacce1361c7618c236e25718' +
'b322cd317029a43f6309c4e42b24a0fa8966c066fbf2a7e4f2c3389279fdb949' +
'eb8b4e813b4165611136ea39efbb5b3bc64c23899b7a6c19c13c28e235bcfea6' +
'2099b167a3492f6a1921ed5c1b9ec83666e83c29973922b6781be004b93a870b' +
'14c0ae356f53ea8d75345c2d11b26804ba94b791c24acd4c90060a3b7d83d829' +
'4dec111ebbcc831bb87c9aac18d93b1b3215e64082707a7df64813f25b803a64' +
'63a69a4259b769366382ac82c9476a466bb631229c1a54e45adc3c2c51967c0d' +
'5756ee756075bbad5981b10b5446707c8a64385a89f15097323e65d28d442132' +
'2c6441707077d79b554a348cdd501c10195516f907ad83334ea296a51962eb93' +
'7f04198d80d02e400bac94a34e82996d45c297c4283822935deff16bf93972a4' +
'f3519069cfd9e03ca8ba1fa8ba44f9e47b5c190d18e5456389b134074ac20b3c' +
'a9b02aeee170407a26ef2820ccb04ee704591942cf2b67085cf2413948960486' +
'3ceb4ccd71e969ff4c2ccd33c3b3514249696ea328b388815ba2c1ac39a66ad0' +
'1391f8775b25045b3ca253c52c341c380d9231a3261ccb95383d8e54aacbebbb' +
'4a7a5134c34817a7953da4047b7cae26988652532eba04bfd0db618716076570' +
'9950f590007fd9f0e6d2e58d600b9846f3ac6e77e9552e6f5fc06f7c144e6165' +
'be');
break;
case 0x11ec:
public_keys[group] = hex2raw(s:
'aa63c6b6c28b8598c14f3c4640f5b24371a57c993f7fa52c5f3b887ca2384d6b' +
'b72c3924c850023124370c0002e37ba18627bbc3c48b008c7d63abb4b707a7d9' +
'4697e76a4369414b0960c97d42cfb8b6741d43c0ded9c576316b1622b11b371d' +
'942c41a3919fc8962a6a776189293d6f6cc0000901e4772cb6107804e99eaf0a' +
'bc306758bd07a4bcb1137fca353dbb1cf0a9c56de884e7c9ce8fd11d63b76a75' +
'905fd7c9735a614959bb67f7711427bcc098c71a1aba506022ac4d47742ef043' +
'd011bcba92a6d7aa6d5824aacf60057c3c5dd01c4800f84bfefa5c30075f5054' +
'5ab960c247fa4e9736c86ae75d0d910ac3b7b41419a42bdba6b0173715137480' +
'c266626a67843959d4915a59c1a67c4965a6bc621893263e799c46b9bb5d697c' +
'4a6c061f5a741e957ca4fa4b4567c3526a8dda3148bd9cb15c5c85208bce1178' +
'3b62254d7cf83e2f3c1994433d2f585ef4a083530509026c3bb802a101e1afcb' +
'ac874b528f87f3106ac73705227e6b1c42efb4a56b0643e844b8bae3273e6202' +
'4df90cc36781ba9c935e11c8407b36fa1ab5f6c1afa999176150b1309c19927b' +
'8bd2842014f710c6c03be406630c48093643878f223d30942da9639b8e5a5adb' +
'd5066072695d87a510cc2aa3f0bcd62345c56630a38731468542e8c43786c75e' +
'ba8906f813bb0e834c8e6766dfab89fe264c3621be5f810d8aa922c1d3a00a00' +
'88362a30a217b785716a7674386cfba33ca0aa361436eb0bbed51025d80701a5' +
'16c1e613781ea2934573a2efc023d74592573cba4078886d5b8907843fae239e' +
'1a3418e8f08e5dd382c70463e764787e480f43d89616f70d93900980cc5277d2' +
'3c98ca058b15bddab53c68f490f54225b5c8c3249b1894436686649c57996bb2' +
'7b29aaba84b30160b7a23ea042c0ee14bc8ba607b6b77c6c7c439b3acbec1592' +
'ed49328f886514d51230924f3bd603fb594de6293161e6350b6737c9da0c1472' +
'b8837a4112c4b62c7b3feb3a09466b2aa456c0f1988d487946eb518411f5172c' +
'0b40c5e8cab89383ffa949d7007a17e25c0fba17b9ab644257a2cd660a6e395f' +
'3a1405de7c5254a522d4c43852c718d56c130ae552deeb3214c70b83f9989efb' +
'4bd74835bd0a0607c1b9e6d1340b2162a4b65fda3b4de00415c49117b8a018c7' +
'a29a35b14436c189f632787eb98f86922398c0af21a8c341832b1bc531a53764' +
'21b0569191b638048fe2e6cf0b05bc3f322d216182f46601093c26a589c1e95b' +
'c552b91a83e072e35137b5d837a9874c415c2e72a919ed6684e44a6e6f46858e' +
'079876549b60c47ba37ca98ec35953b8bdd2f94548e687b7759649905a4e9818' +
'210558bcc724f212b1d859a0d886bfb0f683e5f1b036b37e34b376d8fbadb60b' +
'406a81508bd8924af87ef4f72ea6720ce94bc2d8893d27e2529196af018b2cba' +
'b37e003c824fa2a3bad92df5945e0a4248283926f04c82604836eb57339aba7f' +
'918c7fe3fa65872b4f41d75977e91ebb114eeee26aae14889bb8a8dff66c66d0' +
'71758c1199d087b2d813a66c71cd9b3dc9d6851871b4bd8179bb9ab77548512e' +
'7baf80073cb1313b22575f5ba518d2c391e2e703ac48a02ea9822535aae88640' +
'9458019e77bc6b7299976e850660b3431268b4b655ead1e6d7312283f9d6048b' +
'f654ad1c853f197ae694c90f5d3c240d9b79c4c62519cb833ab9f8604648ca6c');
break;
case 0x11ed:
public_keys[group] = hex2raw(s:
'04aa3bcb2490093ebd69c115ccd42233b364f563c31baf12db19e93e682df95f' +
'34b7e33b97e346e17215ca053197d3189ecac1b7ea229f70b55678fe64a3750f' +
'bc9082f250d540be175e312eaa2886693d157822ac093f2391169549761704aa' +
'1e1d48b6af212c26e41c27836bb2341819c1c2787576c1513f5bac6609708e3d' +
'd76f4a9cb54843a054465503073260fa8bf77a39f9b50f91a95907f6c415b674' +
'19e318d1fabf04c63c789a4872c1b851ea66c63abe34ea8638a6b40301c9b3c5' +
'b40d27cbc40b0500f75b7a67237b134434d19fa7a4c2c9761bf2f75b466c3bd4' +
'01096c49427c953d75462e8d572b9b466b162c55566697e8a4a75e410d1e8181' +
'a109111e64078960148c173196e07ac9191aabc6c90d205ed9f128293a321bb4' +
'0a28bcc03733c2d0897c1354aa473c7a5838551b2b603bf750bb48497d34cdc1' +
'cc2889843065cc2e29c2afc4245215c918c56c13fea62b83475a8efbb55d6aa9' +
'7ec481c878748c7c9d3f90ab541c42d8165097e208123595efcaaf23b3b374a0' +
'397274b24205c574396f63eb5ec2bc52ca046c04b6bab663c17a5b6f01f173b7' +
'73042eb81f672ccc6f4b8d1a4c4790955ff4f385a717282e5b5a630b9612137c' +
'c32a9ad6d4a1c61223a5e60901f067fef971c2143574b7b4ef124763368ca10a' +
'549719b7a7028268636e7df5c08d5563e90c93163a682b59707f7380b372033c' +
'446610b797ab835f186596a32219ac301164c72b2193a6643b82b041a6262722' +
'dfd04c06451b00681af0d9666520a631f170b4031dd57146ccc0cf57a5b90d38' +
'420f8b69d66ba62e650dc59199dd280f05c920f8a463c1bc3ed4c8733b667fc2' +
'400a80936c92e522f3548630f62ef4321a06922a49714eede8cf0886017de58b' +
'76454da9e54a42540fe47208de5cc1ed534bd77763a4f3544dab1e6ab061da1c' +
'8ab060079809ba4050370904ce543b3ac8282e843a1841556d31f570938c8103' +
'8368ea0c0e5a4028bdba6c4c29c9f485549325634d9a4204a3793e72a846a059' +
'3c982f060351c9ba788ac3673d4ac407283000688f3b527617f29b74ea95d990' +
'394e17b6d2909660b444f550163ab912a261309ec5249fa097734484ecd44391' +
'5c76a9dab841c412da8834aeb5cd20866200f1c6f46a7ceb315df833a443773b' +
'54e56ecb224de62a92adf47e26084a7e50bfa912b5daca38bb894444a8a33619' +
'10be87548a205a41e4c558584618c42467a727f3d1c4fe0b841792a7ebfc90dd' +
'98ca6b95af19741328e16677c622351b023da0cda8717ec1c181645802a915c2' +
'16a6a849378ade9931db574f0ce24238ebcc86b795abc786965a4280b8afba90' +
'b740e3cba509bb9dcbcff7a75f89a17b1d8545b6a49089724463748b36ac1f0c' +
'17560bfc13f3c70f4db4b02317086a858e30c89e49590408eb2db2773f5a410c' +
'1fa49f6e151719354804830e40c79af8b416e09527736a6d9c765c0ae544c6c9' +
'86707a93c3a315f8c0917f8b16f97a78a0a1168805037315573e0c769496c822' +
'c0669da124e0a6153bb5ca3910372bb047e10c31cab313aacc5568bbb66acc31' +
'51d39b37689a22d0653727765e9731213a0b6ab381ee0916f2b614317b0a4189' +
'7ad015161237a7f8f5b89fdb3915402b1fa981484c85360c4b6e56a2055c7c62' +
'68c56c91bcaaf95c64fa43e49c206ddb1539f27e265c848dfc48229699870b6c' +
'0c941d1ed0511b3470b45216f43a174e4083f7986f5034c8c8983650712f24fb' +
'2b1db84cce699b39c8a5a441b222e4cd5277623ae5a836b171d4fc1a350745c6' +
'bbbebb608fb5a1354a9572509846d4f4a67365a7b68893233275cc2795e17b8c' +
'c6ea671416a32195584d7520fbf6ae66e77c6e06928cc362a74807cd96c2c7fc' +
'3f05f6a106600fa9ba4cca28ad6aea369b295112f2a08c883b2189c57d90cc14' +
'f6598304aa6dcc0151598a69c15fe666c0ce466aaa0651a0bc3da2204393617a' +
'd68109abeab83d2a103d0546cf13cefffcbcdb81a9e637bd374bac9ac589d193' +
'5f105a701bb94f124879bd7856f8181038f6cb6354b09881af3f52127b8012d7' +
'7a3ba6633b8ea019a3328add6105c73c86cb404bec2554a2b55e2a6319bee71f' +
'5052ac793618112368b74b11a2c98b024aafc005859ae6c876b9cd10fb568c49' +
'01ccc69dc851ae41e7c883cc2974a5a96f74c4d26277583590ae0464e1205e6b' +
'94701b999efd29bafeb47efd381356ec08f3a70cf0962db6a0a383637adf5662' +
'9abb29e473b1ad396952f83e67e4198b3a3eaea0abd99217895813204ca9de4b' +
'8b4995c5375b872382c86fe47d8d02fa62e849356bf2bc0eedf2f2c0e33a9f48' +
'cf');
break;
case 0x200:
public_keys[group] = hex2raw(s:
'f1016096e8595d6ccf04eabe69599bd4a1ab95d6ce1bc3bf2ce304532ac63968' +
'acde650d54c1906fa2549ed18820eab6aa22ba61334a621c4ffc239fb7295767' +
'aa21fe5411e9ac5e7f55213cd71ef281915c87106e023c1561a415b64fcb050e' +
'9f083b15300f651452e8a30b6d1285c86827d8d81c25013c6d4750526937c4cb' +
'5b1ccc696664cf0d7349b819a1d356bc1ac2317cd522c45879a419257b01c297' +
'0250f1c2614a11b3e04cc14b5cab59facf7ed29bed5b9caa158601c7521f09af' +
'6ea635d0ac54094a575b910334488a9b57c1b0e5a2b0f357e49715036909103c' +
'bc37f3162ad0b31fb033680252867c0499a4b69590765a39a83051a4a2f32db3' +
'1a1588627fa43898a8da5dad5890ea68ac0bf00b924c2dbee08a53597548550c' +
'8ba6843c188b9ef99e85574ee15b847b8b30da840c348741551c853578a3c3b7' +
'74b82c5b083a43a9d3bbff769f8cd01e43a5c41ac27cac0458be226858da2e08' +
'4a0f4d78430413cf14916523521a9271a154ec69bcba1016c9064610676d7999' +
'0349089e2361519a17aea67d5bc035d0b2ab26358df157cd93ea0dc86a2921aa' +
'2ac2e9384a42c5fb4b3f87c79651ec70ec3bb279962887fa2f330b5926e9996d' +
'd125e5b533aaf881d436be37c2672b1564ce933fed2099490c0536022ebbaca0' +
'269a3fc28a9acaa877b0193a1047cc1e056e656c0eceab91ed322a15a61f6e70' +
'c890383063bc1ee2db44d36c759a369ee7da10feb15b6581c9f0fc66f650a3e4' +
'001ebf4378500a974a12b27decb411887d092c20a6f89e1d623568a511aa8bc2' +
'56dc7a86356c4bd015e8c09166b65a3796aa57f464b6a33ff1465141b788e5d4' +
'29ff5668f0cb3a34c33800da78ce9bc11c5881ff2362bb2c1c8dd351f19605c7' +
'294c4c41ac9b530faa5567b7985b46c62d18272ab6a74e9a2750683468faf769' +
'6d522800668d43c5cdd8256e1a2a49b40351a75a440954819336945f12472e48' +
'bfdc01b0b42ba1decc901958a6af3290537ca50825b19295c73e816d1930ce2e' +
'a8a17656c3c1c8c2abf0a0db7823a3479df6b17bb3c4b2cd2866cf975bb27a2d' +
'0489ac3babb226f7de811215a4348528f32b4ca26e9be7d3bd610f404e66b69a');
break;
case 0x201:
public_keys[group] = hex2raw(s:
'aa2a505a172e5cbb870408b73db3ad09b6c62ca399ad6b2c092a0430730a0cd0' +
'95b1841bab65ca0718240470097197b9e03500f68936606b1cf0a313db738e05' +
'008be86aac0907c2ef1190f51c752edb45088794f9e243b115bacf651617f889' +
'7b320467572f489b15e9f2b8f2479e1ca9ce59f18bbd28b34af4573d60b9daf4' +
'a4bca9bde0e4a0b236516a88c41d938114e1c2e1fa8cac0aaacfb695e6343150' +
'5005ee01cc98f9a0319194408640c9236b1a292968aa81b7d6816277b7babb5c' +
'bd812fd9f5549c8772ada181383205f263b178e1565d1865068a068214175f31' +
'93f373914a0128dc324cd8f160ea32938d0818157371b63545b2d43cf2ea429e' +
'b2308972148b2a154e8090362bbb529acba6648551b938b6f60587b69566b51c' +
'60e77f6a675c159c7f1505b186c126023c11b1ea712d4a8919a2c6f660490ad7' +
'b60ac783cb1acd9cc6a294426522bba0925a2e36a54127fa9cfdd75a59e34b9d' +
'653bb79a192e2baeb65245d89c008c4c0ada08c46c52a827696d2df48770b4a6' +
'259b8d2e438cb6b078bca72651058bc66647ec58b68fc519552805db75a551a0' +
'a551aa57d46850905a450462331441beb93734d116ce01f87bab10bdb47b7054' +
'8142a813310a316bb4b8c3e6ea81e0d871dc913a481a32155a4f6cf1bc53c48f' +
'c60397e56b9add76173bac170df28558fca7125942ee8a24be0397d0c503a1c1' +
'0804925f07569747429f73062f92102f3d76c1eb796365db5c8e404711714e6a' +
'0b0d639bcdcf4861d67a5cf15b8f4df1b5a0aba609fcb856fa96bd002cb1a5ca' +
'1cd1136187160eca4968e16181272ce3670564f23cee039907f63b87f8829723' +
'b441a85cc272c1525bc28f528bbb9a1fe48b904f57a654d41240842103c047cf' +
'86cd26b4b58624454c9b467b5bc5cf4cbc18f429ff97b65f735b2a08cfdb8432' +
'f5f8708a89ba6f5ab4e969746271537deba303da7c998a465155c46de342c390' +
'03981a443e988aaec1613857b20185bbc87b29fe532afc72b3636c283c7421e9' +
'744fdec02e282202ab677f463c1d8eac6beadabfbc946328787761a346cf5ca4' +
'666c048a65853b64bec149a0a6a6092b5961c6b4a2bab32d5f3b6c7674078c79' +
'27da8994120b92348827088a2711a98e91022d4966308d454a29ec3285d51476' +
'7897d7c9b1aac71fa75a5e799148aa773bc8924e99dcc9eaf47c3c0455e30422' +
'9ed026634b748ae165c3ac5710b63a049373c9ca6c40293235c24324db3f2701' +
'84a23546a1858f595ca27d5839aee4a125d77cca896eb27c3940065e143c94a5' +
'60cd78e0687a097f81a752bdb652832c5cbceb2bf5a74a18f51dc07503cd6c37' +
'81bb398b7ab495fb912b83223d803308e6a60bd8314cf695ba774fd670992b07' +
'554a2a196dd84249f508091c2c64b02a4cf59e48164776aa5333bb87100254e1' +
'72c0a5672c6034a97af80d276153697c20ee063600478fb7e213687a2db51b5b' +
'88f099b2b93c622865a307ac2416a7e2ac3bed40bafe746c8123ccf74b774c55' +
'8ee543bbf1575dfe751b050598361b6e83e9b618d48bba4244979c88c1fc560a' +
'ba1d539b68a856284a0b07d76a1ee1d052da0315f6bc34f4a2684f76ade69cb5' +
'32e5f4ec59294a865a58eec712a78d7c2ec95e0131fe8833b972612c8da5d0bc');
break;
case 0x202:
public_keys[group] = hex2raw(s:
'd074284181a51822827e92128bfa34bf0c4873378cb7190673b023eb9a323403' +
'47c68359a1e47f8df6cc479984e0835f13b52e4b5c7f0b1416e9b83ac0db4cff' +
'56beadd73a2a39008aec007de5ac1a280a5fba67a5e825828151ebd8bcc8a937' +
'175bac86b35c2d4a2c8f0b1dbeba5f18acbd8b529169ba80a42728e6c3362b6c' +
'1d9dea07ac0a040f1a31f2718595ba5126038892758b074b242159a0b8bccdaa' +
'249bbaa38f6935ce89567c915b288b9016e443bf78100e6d3065a308bdae1139' +
'ebc2680d420cbeb792f2686afdda65cb5a5dcc502ad5c54b5bb76445eb274e78' +
'c4886bbf62b90c723984c329aff14195a0e28a9eb3b796499aaf80bebbbc013a' +
'5ba9b87b73dbf6a02d075035800f16536354db5930cb7d7e8bb04cea31940592' +
'02f25944020127984f6cf129ee73cb4baa1287d35ab283b53040b5d59ccf40ca' +
'77e74099018a663d167dd3a93725eb46deba84989ac82b11096c6455c5a188fa' +
'd0b4eab99e99b26d4d625626721a30818760faa12dbb939c3a98df373e03e51f' +
'fe72bebf9962a1f96c407207b7060412075467d90dbe46069b718dfe146d85f5' +
'9ee3199988db26686a6dc194bb57f8b606db1c8ba1ae5687acba12119f5c73e1' +
'c0373902a32ce442e0a5a92509a28ca3353fd971fa09bb79e7096e9129f94439' +
'c7829a1891b49fd09406725f3ad8520c347fa4e49198561255801fec5333a830' +
'b0c34616dc808bab6696a9cc7921a8987b2551664c03bc172207aaa9315185a1' +
'385bc9f32166d4cae15780ffa6ada67c38e847115f88c016fb40000205a8e45a' +
'56690676664d067a6bd7752aadb2989efba0e29c7870d063b5597b35523ad924' +
'10da0a581f39c49e1c4ce3a6aae41a4f7a2b96a2cc1a53b05e88a413bf77c276' +
'19c7311bacfef28097eabe82d45bd9ea40b15bb381b399b2697d88c24b8ba364' +
'7860ba282bc9c7305a55c3836ff5b020f1ab2123779528c8d6e1bd74e8067e80' +
'7c5f333976754bbea49a7c97bec42434c679cf97f4ba6f2b7d7bc27d1907230e' +
'03ba3f11cf5ab2a70693c97f493446429a8400cabd937c55a773e0c4aa7a8677' +
'3762510108aaf3c9c2df1297bb68509277a4e6b50f711219871b883bfc7c7f92' +
'4aeb975c50a18cb1c4ac778ca227740e15e1286aaa931505a086d0847e5a8d58' +
'226748a4081e5bc992516b48e71d7f3643b6b526c45b57771a0067c5c8ae3508' +
'd414c5bcdb4c3d67074c89c8a040bc6f934f153864a14b2eab777373320470ac' +
'71bc03ad2a145a3cfa8b2738573d2394cad9a6bb0c196bab80b409aa88306d13' +
'373853822b5a590148176105e24bf0f600a1f8201600870c8564507646e7c5a4' +
'4c3962bfd5bd29cc2743062fef78c4c2a5153ca5497c906b93f680411aa4b058' +
'7882d74b27637ac5fabb90b1ccdf90ccbcfa12791862f80bade7e7a6ec958795' +
'a0aa5a411408e8803531adef784d33e1529565378278479c35262566446c83a0' +
'6a55802198715c4491a3a2426f9831a8f3969687cf58314ce9380fde9c7bbc8b' +
'287b661d1c8cce46b9135f24b2def87159711c0fe3718ae81da790542be92e41' +
'1c709ae78f15425b01234b7e63b2006d6fcfba3aa8f58759eb6fc5305b04f65f' +
'37a84834ecb8bce10ec3c6c3bb60afdc294064f55c6f0b3d51863fe240726a65' +
'9df5f139ee231ba2c01b01f59d1cf2856b099d762096f0b4a20a2c686fec450d' +
'4b0ba00930cde6a9bc506e12cc11d939b66a661942e04500c37375c54937021f' +
'8ef585f6e7c6cc3c162ea608c842698d3a6f07646797dc167756c0aba0cf0b97' +
'406ad893e9e83a53e57773a9a9f0557afde757b6babe98e87870f05966a051f3' +
'd048e6954b445b08d8c209f5194cdb1a1634422e07067aec24a001a945bd2ba2' +
'd0ca87615103d9e80c90b6bd5536bfd49ba0b1740105d53d44c4ac9370971791' +
'73b870cece803406e3105753c5a960a30af1528fccc5a23530bf4a1738fc9462' +
'0c9803d68dd2c440df755a18706e044905a5c011d0ccbc57e5be136337c5013b' +
'eb5801bc32be0eb57644a78ca92b4a63c90949d96bdd1b1b43f522433912447a' +
'cf55525008e9329d616d15332f3df9b2da0a7182a178191756ef675f9a5b8f59' +
'62278543cdee0a1c57359eb0ab87fb06259d6463e985b6bbb23eeb1205b34081' +
'89a508abaaa4d3f3a82e0d2af15ca8505a1bb0552b6b03b2cd58574928b8850b');
break;
}
}
return public_keys;
}
##
# Make the supported group array for a ClientHello message based on an array
# of supported groups that may contain NULLs.
#
# @param <group_set:list> The list of TLS curve groups to encode
# @return A list of supported group codes to use with ClientHello
##
function create_client_hello_groups(group_set)
{
var supported_groups = [];
var group;
foreach group(group_set)
{
if(!isnull(group))
append_element(var:supported_groups, value:group);
}
return supported_groups;
}
##
# Send a ClientHello offering a set of supported groups.
# Accept the ServerHello response which should contain at least one agreed
# upon group in the key share extension if the server supports one of the offered
# key share groups.
#
# @param <cipher_bytes:bytes> The cipher suites offered to the server.
# @param <supported_groups:array> The supported groups offered to the server.
# @param <port:int> The port the server is listening on.
# @param <encaps:int] A SSL/TLS encapsulation code.
#
# @return [array] An array of information about the cipher suite selected by the server.
##
function test_for_tls_supported_groups(cipher_bytes, supported_groups, port, encaps)
{
# When we fail to open a socket, we'll pause for a few seconds and
# try again. We'll only do this so many times before we consider the
# service too slow, however.
var soc;
if(empty_or_null(ref:cipher_bytes) || empty_or_null(ref:supported_groups) || isnull(port))
return NULL;
var groups = create_client_hello_groups(group_set:supported_groups);
var rec, recs;
var test_mode = FALSE;
var tls13 = TRUE;
var data, public_keys, client_hello;
if(!get_kb_item("TEST_ssl_supported_group_do_not_open_socket"))
{
var pauses_taken = 0;
# Connect to the port, issuing the StartTLS command if necessary.
while(!(soc = open_sock_ssl(port)))
{
pauses_taken++;
if(pauses_taken > 5)
{
ssl_dbg(src:FUNCTION_NAME, msg:"Failed to connect to port " + port + " too "+
"many times, exiting.", lvl:1);
exit(1, "Failed to connect to " + port + " too many times.");
}
else
{
ssl_dbg(src:FUNCTION_NAME, msg:"Failed to connect to port " + port + ", " +
"pausing before retrying.", lvl:1);
replace_kb_item(name:"ssl_supported_groups/pauses_taken/" + port, value:pauses_taken);
sleep(pauses_taken * 2);
}
}
if(encaps == COMPAT_ENCAPS_TLSv13)
{
public_keys = get_public_keys_by_groups(groups:groups);
client_hello = tls13_client_hello(supported_groups:groups, public_keys:public_keys, cipher_suites:cipher_bytes);
ssl_dbg(msg:'sending tls13 client hello...', lvl:2);
send(socket:soc, data:client_hello);
data = recv_ssl(socket:soc, hard_timeout:TRUE);
}
else
{
var exts = tls_ext_ec(groups) + tls_ext_ec_pt_fmt() + tls_ext_sig_algs();
data = get_tls_server_response(soc:soc, encaps:encaps, cipherspec:cipher_bytes, exts:exts);
}
ssl_dbg(lvl:3, msg:'got back ' + hexstr(data));
if(soc)
close(soc);
}
rec = ssl_find(
blob:data,
tls13:(encaps == COMPAT_ENCAPS_TLSv13),
"content_type", SSL3_CONTENT_TYPE_HANDSHAKE,
"handshake_type", SSL3_HANDSHAKE_TYPE_SERVER_HELLO
);
var ssl_ver = rec["handshake_version"];
if(encaps != COMPAT_ENCAPS_TLSv13)
{
rec = ssl_find(
blob:data,
tls13:FALSE,
"content_type", SSL3_CONTENT_TYPE_HANDSHAKE,
"handshake_type", SSL3_HANDSHAKE_TYPE_SERVER_KEY_EXCHANGE
);
rec["handshake_version"] = ssl_ver;
}
if(isnull(rec))
ssl_dbg(src:SCRIPT_NAME, msg:"No records received.", lvl:2);
return rec;
}
##
# Identifies the negotiated group in the server's ClientHello responses.
#
# @param [resp:array] Decoded server responses to a ClientHello (ServerHello, etc.)
# @param [encaps:int] A SSL/TLS encapsulation code.
# @param [cipher:string] Cipher name
#
# @return [array|NULL] If the server returns a curve group for the negotiated cipher then
# this function returns the array [group, name] where group is the binary
# word representing the negotiated curve group. On error, or in case of
# a cipher that doesn't use curve groups, this function returns NULL.
##
function find_server_supported_group(resp, encaps, cipher)
{
var group, name, scheme;
if(encaps == COMPAT_ENCAPS_TLSv13)
{
group = resp.extension_key_share_group;
if(isnull(group))
return NULL;
name = SUPPORTED_GROUP_NAMES[group];
}
else
{
var cipher_desc = ciphers_desc[cipher];
if(empty_or_null(ref:cipher_desc))
return NULL;
var len, tlsss;
var skex = ssl_parse_srv_kex(blob:resp.data, cipher:cipher_desc, version:resp["handshake_version"]);
if(isnull(skex) || isnull(skex.kex))
return NULL;
if(!isnull(skex))
{
if(skex.kex =~ "^ecdh")
{
if(!empty_or_null(skex.named_curve))
group = skex.named_curve;
}
else if(skex.kex =~ "^dh")
{
if(!empty_or_null(skex.dh_p))
{
len = strlen(skex.dh_p);
name = "ffdhe" + (len * 8);
for(var g in SUPPORTED_GROUP_NAMES)
{
if(SUPPORTED_GROUP_NAMES[g] == name)
{
group = g;
break;
}
}
}
}
if(!empty_or_null(skex.hash_alg) && !empty_or_null(skex.sig_alg))
{
# TLS SignatureScheme - https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml
tlsss = skex.hash_alg * 256 + skex.sig_alg;
scheme = TLS_SIGNATURE_SCHEME[tlsss];
}
else
{
scheme = "";
}
}
}
if(!isnull(group) && empty_or_null(ref:name))
{
name = SUPPORTED_GROUP_NAMES[group];
if(empty_or_null(ref:name))
ssl_dbg(lvl:1, msg:pp_info.l4_proto + " port " + port +
" The server returned an unrecognized elliptic curve or ffdhe group (" + group + ".");
}
if(isnull(name))
name = "";
if(isnull(group))
group = -1;
if(isnull(scheme))
scheme = "";
return [group, name, scheme];
}
if(get_kb_item("global_settings/disable_ssl_cipher_neg"))
exit(1, "Not negotiating the SSL ciphers, per user config.");
if(!get_kb_item("SSL/Supported"))
exit(1, "The 'SSL/Supported' KB is not set.");
set_byte_order(BYTE_ORDER_BIG_ENDIAN);
# Get a port to operate on, forking for each one.
var pp_info = get_tls_dtls_ports(fork:TRUE, dtls:FALSE, check_port:TRUE);
var port = pp_info["port"];
if(isnull(port))
exit(1, "The host does not appear to have any TLS based services.");
var ssl_vers = get_kb_list("SSL/Transport/" + port);
var target_has_supported_groups = false;
for(var xport of ssl_vers)
{
if(xport > ENCAPS_SSLv3)
{
target_has_supported_groups = true;
break;
}
}
if(!target_has_supported_groups)
audit(AUDIT_NOT_DETECT, "TLS 1.0 or higher", port);
var encaps, encaps_list, encaps_name;
# If it's encapsulated already, make sure it's a type we support.
if(pp_info.proto == "tls")
encaps_list = get_kb_list("SSL/Transport/" + port);
else
exit(1, "An unsupported protocol was returned from get_tls_dtls_ports(). (" + pp_info.port + "/" + pp_info.proto + ")");
var start_supported_groups_size, idx, first_time, added_at_least_one;
var cipher, groups_to_check, group, group_name, reported_cipher_key;
var supported_ciphers, scheme, reported_scheme_key;
var reported_schemes = {};
var supported_groups = {};
var reported_ciphers = {};
for(encaps of encaps_list)
{
encaps_name = ENCAPS_NAMES[encaps];
supported_ciphers = get_kb_list("SSL/Ciphers/" + port + "/" + encaps_name);
for(cipher of supported_ciphers)
{
ssl_dbg(src:SCRIPT_NAME, msg:"Testing encaps " + encaps_name +
" on port " + port + " for the " + cipher + " cipher.", lvl:2);
reported_cipher_key = "TLS/supported_groups/" + port + "/" + encaps_name + "/" + cipher;
reported_scheme_key = "TLS/signature_schemes/" + port + "/" + encaps_name + "/" + cipher;
# Just in case we get the extension after also receiving a Server Key Exchange message - should not happen
if(!isnull(get_kb_list(reported_cipher_key)))
{
group_name = get_one_kb_item(reported_cipher_key);
reported_ciphers[reported_cipher_key + "/" + group_name] = 1;
}
if(encaps == COMPAT_ENCAPS_TLSv13)
groups_to_check = make_list(TLS13_SUPPORTED_GROUPS, [0x0200, 0x0201, 0x0202, 0x11eb, 0x11ec, 0x11ed]);
else
groups_to_check = keys(SUPPORTED_GROUP_NAMES);
start_supported_groups_size = max_index(groups_to_check);
idx = 0;
first_time = TRUE;
# Iterate over each supported group.
while(first_time || added_at_least_one)
{
added_at_least_one = FALSE;
recs = test_for_tls_supported_groups(cipher_bytes:ciphers[cipher],
supported_groups:groups_to_check,
port:port,
encaps:encaps);
first_time = FALSE;
if(isnull(recs))
continue;
result = find_server_supported_group(resp:recs, encaps:encaps, cipher:cipher);
if(!empty_or_null(ref:result))
{
group = result[0];
group_name = result[1];
scheme = result[2];
if(scheme != "")
{
if(!reported_schemes[reported_scheme_key + "/" + scheme])
set_kb_item(name:reported_scheme_key, value:scheme);
reported_schemes[reported_scheme_key + "/" + scheme] = 1;
}
if(group >= 0 && group_name != "")
{
if(!reported_ciphers[reported_cipher_key + "/" + group_name])
set_kb_item(name:reported_cipher_key, value:group_name);
reported_ciphers[reported_cipher_key + "/" + group_name] = 1;
supported_groups[group] = group_name;
ssl_dbg(src:SCRIPT_NAME, msg:"Found supported group: " + group + " on " +
pp_info.l4_proto + " port " + port + ".", lvl:2);
for(idx in groups_to_check)
{
if(groups_to_check[idx] == group)
{
added_at_least_one = TRUE;
groups_to_check[idx] = NULL;
break;
}
}
}
else
{
ssl_dbg(lvl:1, msg:pp_info.l4_proto + " port " + port + " An unexpected group name/value was encountered.");
}
}
}
}
}
var report = "";
# Stash the list of supported ciphers in the KB for future use.
# Each cipher is matched to the corresponding version.
# Generate a report for each version and its ciphers.
if(!isnull(supported_groups))
{
for(group in supported_groups)
{
group_name = supported_groups[group];
if(empty_or_null(ref:group_name))
group_name = "unknown";
if(group == -1)
group = "N/A";
else
group = "0x" + hexstr(mkword(group));
if(strlen(report) == 0)
{
report = '\nTLS supported groups : \n\n';
report += 'Name Code\n';
report += '--------------------------\n';
}
report += group_name;
report += crap(data:' ', 20 - strlen(group_name));
report += group + '\n';
}
}
if(strlen(report) == 0)
exit(0, pp_info.l4_proto + " port " + port + " does not offer curve groups.");
replace_kb_item(name:"TLS/PQC_key_encaps", value:TRUE);
report =
'\nThese are the TLS supported groups offered by the remote server :\n' +
'\n' + report;
security_report_v4(port:port, proto:tolower(pp_info.l4_proto), severity:SECURITY_NOTE, extra:report);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Jun 2026 00:00Current
5.3Medium risk
Vulners AI Score5.3