Hi,
Using nmap, I can detect that the private IPs of the VPC Endpoint are using old TLS versions. Is that correct?
nmap command: nmap -sV -p 443 -Pn --script ssl-enum-ciphers 10.xx.x.xx
result:
Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-15 17:14 Romance Standard Time
Nmap scan report for ip-10-35-1-137.eu-west-1.compute.internal (10.xx.x.xx)
Host is up (0.053s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/https AmazonEC2
|http-server-header: AmazonEC2
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.1 401 Unauthorized
| x-amzn-RequestId: 35504e7d-958a-43f4-8287-94cac4c7c749
| Cache-Control: no-cache, no-store
| Strict-Transport-Security: max-age=31536000; includeSubDomains
| vary: accept-encoding
| Content-Type: text/xml;charset=UTF-8
| Date: Wed, 15 Nov 2023 16:15:12 GMT
| Connection: close
| Server: AmazonEC2
| <?xml version="1.0" encoding="UTF-8"?>
| <Response><Errors><Error><Code>AuthFailure</Code><Message>AWS was not able to validate the provided access credentials</Message></Error></Errors><RequestID>35504e7d-958a-43f4-8287-94cac4c7c749</RequestID></Response>
| GenericLines:
| HTTP/1.1 400 Bad Request
| Date: Wed, 15 Nov 23 16:15:19 GMT
| Connection: close
| x-amz-request-id: 17197B4A773A83C6
| Content-Length: 0
| GetRequest:
| HTTP/1.1 301 Moved Permanently
| Location: https://aws.amazon.com/ec2
| x-amzn-RequestId: 3c69962d-d92d-44d7-8a25-499cfaa10799
| Cache-Control: no-cache, no-store
| Strict-Transport-Security: max-age=31536000; includeSubDomains
| Content-Type: text/xml;charset=UTF-8
| Content-Length: 0
| Date: Wed, 15 Nov 2023 16:15:07 GMT
| Keep-Alive: timeout=20
| Server: AmazonEC2
| Connection: close
| HTTPOptions:
| HTTP/1.1 400 Bad Request
| x-amzn-RequestId: a95399a3-1a45-4d40-8c6d-8b3de52e92bd
| Cache-Control: no-cache, no-store
| Strict-Transport-Security: max-age=31536000; includeSubDomains
| vary: accept-encoding
| Content-Type: text/xml;charset=UTF-8
| Date: Wed, 15 Nov 2023 16:15:09 GMT
| Connection: close
| Server: AmazonEC2
| <?xml version="1.0" encoding="UTF-8"?>
| <Response><Errors><Error><Code>UnsupportedHttpVerb</Code><Message>The requested HTTP verb is not supported: OPTIONS</Message></Error></Errors><RequestID>a95399a3-1a45-4d40-8c6d-8b3de52e92bd</RequestID></Response>
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Key exchange (dh 1024) of lower strength than certificate key
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Key exchange (dh 1024) of lower strength than certificate key
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| Key exchange (dh 1024) of lower strength than certificate key
|_ least strength: C
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 161.80 seconds
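One way to turn ssl-enum-ciphers output like the above into a list of findings a reviewer can act on, as an added example that is not part of the original post and not nmap's or AWS's own code: it parses the script's per-protocol tree (SAMPLE is a constructed, abridged excerpt in that shape, not a live scan) and flags deprecated protocol versions, ciphers nmap graded worse than B, and every warning the script printed. It assumes nmap's current output layout (protocol header, then ciphers/compressors/warnings lists, then scalar fields such as "least strength").

```python
import re
# Constructed excerpt shaped like the ssl-enum-ciphers output in the post (not a live scan).
SAMPLE = """\
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     warnings:
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2:
|     ciphers:
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
|     warnings:
|       Key exchange (dh 1024) of lower strength than certificate key
|_  least strength: C
"""
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}   # RFC 6176, RFC 7568, RFC 8996
PROTO_RE = re.compile(r"^(SSLv\d|TLSv1\.\d):$")
CIPHER_RE = re.compile(r"^(TLS_\S+) \(([^)]*)\) - ([A-F])$")

def parse_ssl_enum_ciphers(text):
    """Return {protocol: {"ciphers": [(name, kex, grade)], "warnings": [...]}}."""
    out, proto, section = {}, None, None
    for raw in text.splitlines():
        line = raw.lstrip("|_ ").rstrip()            # drop nmap's tree prefix
        if m := PROTO_RE.match(line):
            proto, section = m.group(1), None
            out[proto] = {"ciphers": [], "warnings": []}
        elif line in ("ciphers:", "warnings:", "compressors:"):
            section = line[:-1]
        elif line.startswith(("cipher preference:", "least strength:")):
            section = None                            # scalar fields, not list items
        elif proto and section == "ciphers" and (c := CIPHER_RE.match(line)):
            out[proto]["ciphers"].append(c.groups())
        elif proto and section == "warnings" and line:
            out[proto]["warnings"].append(line)
    return out

def findings(parsed, min_grade="B"):
    """Flag deprecated versions, ciphers graded worse than min_grade (A best, F worst), and warnings."""
    issues = []
    for proto, data in parsed.items():
        if proto in DEPRECATED:
            issues.append(f"{proto}: deprecated protocol version offered")
        for name, kex, grade in data["ciphers"]:
            if grade > min_grade:
                issues.append(f"{proto}: {name} ({kex}) graded {grade}")
        issues.extend(f"{proto}: {w}" for w in data["warnings"])
    return issues
```

Feed it the full ssl-enum-ciphers block from a scan and `findings()` gives you the protocol versions and ciphers to raise with the service owner, rather than reading the tree by eye.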
What's the name of the endpoint that you are probing?