
@h4ck3rk3y
Last active August 29, 2015 14:23
Gist of the Patch
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index 94d5294..2b237d3 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -138,6 +138,8 @@ categories = {"discovery", "intrusive"}
-- http://seclists.org/nmap-dev/2012/q3/156
-- http://seclists.org/nmap-dev/2010/q1/859
local CHUNK_SIZE = 64
+local have_ssl, _ = pcall(require,'openssl')
-- Add additional context (protocol) to debug output
local function ctx_log(level, protocol, fmt, ...)
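Review bot: The new `have_ssl` flag is introduced without a comment, and the `_` placeholder on that line is unnecessary because extra return values from `pcall` are dropped anyway. I would write it as `local have_ssl = pcall(require, 'openssl')` and put `-- openssl is optional: without it cipher strength scoring is skipped` above it, so a reader knows what the flag gates before reaching the later hunks.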
@@ -586,7 +588,10 @@ local function find_ciphers(host, port, protocol)
local ciphers = in_chunks(sorted_keys(tls.CIPHERS), get_chunk_size(host, protocol))
local results = {}
- local scores = {warnings={}}
+ local scores = false
+ if have_ssl then
+ scores = {warnings={}}
+ end
-- Try every cipher.
for _, group in ipairs(ciphers) do
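Review bot: With `scores = false` when openssl is missing, any statement later in find_ciphers that indexes `scores` (for example a per-cipher `scores[name] = ...` or a write into `scores.warnings`) would fail with "attempt to index a boolean value". The rest of the function lies outside this hunk, so it cannot be confirmed from here that every such use is behind `if have_ssl` or `if scores`. Please check each one, and add a comment at the declaration such as `-- false when openssl is unavailable; check before indexing`.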
@@ -820,18 +825,30 @@ local function try_protocol(host, port, protocol, upresults)
-- Add rankings to ciphers
local cipherstr
- for i, name in ipairs(ciphers) do
- local outcipher = {name=name, kex_info=scores[name].extra, strength=scores[name].letter_grade}
- setmetatable(outcipher,{
- __tostring=function(t)
- if t.kex_info then
- return string.format("%s (%s) - %s", t.name, t.kex_info, t.strength)
- else
- return string.format("%s - %s", t.name, t.strength)
+ if have_ssl then
+ for i, name in ipairs(ciphers) do
+ local outcipher = {name=name, kex_info=scores[name].extra, strength=scores[name].letter_grade}
+ setmetatable(outcipher,{
+ __tostring=function(t)
+ if t.kex_info then
+ return string.format("%s (%s) - %s", t.name, t.kex_info, t.strength)
+ else
+ return string.format("%s - %s", t.name, t.strength)
+ end
end
- end
- })
- ciphers[i]=outcipher
+ })
+ ciphers[i]=outcipher
+ end
+ else
+ for i, name in ipairs(ciphers) do
+ local outcipher = {name=name}
+ setmetatable(outcipher,{
+ __tostring=function(t)
+ return string.format("%s", t.name)
+ end
+ })
+ ciphers[i]=outcipher
+ end
end
results["ciphers"] = ciphers
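Review bot: The two branches in try_protocol duplicate the whole loop and the `setmetatable` call, differing only in which fields are filled and how the row is printed, and `string.format("%s", t.name)` does nothing beyond returning `t.name`. A single loop that fills `kex_info` and `strength` only when `have_ssl` is true, with a `__tostring` that falls back to the bare name when no strength is set, keeps the graded and ungraded output paths from drifting apart. This assumes `letter_grade` is always set when scoring runs, which is not visible in this hunk; if it can be nil, the fallback should test `have_ssl` instead of `t.strength`.

```lua
-- Add rankings to ciphers
for i, name in ipairs(ciphers) do
  local outcipher = {name=name}
  if have_ssl then
    outcipher.kex_info = scores[name].extra
    outcipher.strength = scores[name].letter_grade
  end
  setmetatable(outcipher,{
    __tostring=function(t)
      if not t.strength then
        -- no openssl: nothing to grade, print the bare cipher name
        return t.name
      elseif t.kex_info then
        return string.format("%s (%s) - %s", t.name, t.kex_info, t.strength)
      else
        return string.format("%s - %s", t.name, t.strength)
      end
    end
  })
  ciphers[i]=outcipher
end
```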
@@ -842,7 +859,7 @@ local function try_protocol(host, port, protocol, upresults)
results["cipher preference"] = cipher_pref
results["cipher preference error"] = cipher_pref_err
- if next(scores.warnings) then
+ if have_ssl and next(scores.warnings) then
results["warnings"] = sorted_keys(scores.warnings)
end
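Review bot: The guard tests `have_ssl` while the value actually dereferenced is `scores`, so the check stays correct only as long as the two remain in sync. Assuming `scores` here is the value set up in find_ciphers, `if scores and next(scores.warnings) then` ties the guard to the thing being indexed. It is also worth confirming that none of the entries collected in `scores.warnings` can be produced without openssl, since this change drops the whole "warnings" section of the report in that case.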
@@ -908,6 +925,11 @@ function sorted_by_key(t)
end
action = function(host, port)
+
+ if not have_ssl then
+ stdnse.verbose("Scores will not be calculated as openssl is not present.")
+ end
+
local results = {}
local condvar = nmap.condvar(results)
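Review bot: The notice in `action` goes through `stdnse.verbose`, so it appears only when the scan runs with verbosity enabled, and a default-verbosity report simply lacks grades, warnings and "least strength" with no indication why. For a script whose output is read as a TLS configuration assessment, missing grades should not be mistakable for "nothing to report". Consider recording the condition in the results table, or at least documenting in the script's header comments that scoring, warnings and the "least strength" key (last hunk) depend on openssl. The message is also emitted on every `action` call, so it repeats once per scanned port.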
@@ -932,14 +954,15 @@ action = function(host, port)
return nil
end
- local least = "A"
- for p, r in pairs(results) do
- for i, c in ipairs(r.ciphers) do
- -- counter-intuitive: "A" < "B", so really looking for max
- least = least < c.strength and c.strength or least
+ if have_ssl then
+ local least = "A"
+ for p, r in pairs(results) do
+ for i, c in ipairs(r.ciphers) do
+ -- counter-intuitive: "A" < "B", so really looking for max
+ least = least < c.strength and c.strength or least
+ end
end
+ results["least strength"] = least
end
- results["least strength"] = least
-
return sorted_by_key(results)
end