[sqlmap-users] SSL issue?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

I'm having an issue connecting to one particular SSL enabled site. The
error being received is not related to SSL, though I have confirmed it is
not a UA/status code issue as the error suggests (tested via a connection
with curl - and it also works if going through a proxy):

*[16:38:03] [CRITICAL] connection dropped or unknown HTTP status code
received. Try to force the HTTP User-Agent header with option
'--user-agent' or switch '--random-agent'. sqlmap is going to retry the
request*

The only difference I can see between the sites, is the SSL ciphers that
they support. The supported ciphers are listed below (site2 is the one
causing problems - sqlmap works against site1):

sslscan site1.local | grep -i accept

   Accepted  SSLv3  128 bits  AES128-SHA
   Accepted  SSLv3  128 bits  RC4-SHA
   Accepted  SSLv3  128 bits  RC4-MD5
   Accepted  TLSv1  128 bits  AES128-SHA
   Accepted  TLSv1  128 bits  RC4-SHA
   Accepted  TLSv1  128 bits  RC4-MD5
sslscan site2.local | grep -i accept
   Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
   Accepted  SSLv3  168 bits  DES-CBC3-SHA
   Accepted  SSLv3  128 bits  RC4-SHA
   Accepted  TLSv1  256 bits  AES256-SHA
   Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
   Accepted  TLSv1  168 bits  DES-CBC3-SHA
   Accepted  TLSv1  128 bits  RC4-SHA

I have no idea where to start debugging this issue. Is it a Python issue,
an OpenSSL issue, sqlmap, or something else?

Running Gentoo with Python 2.7 (have tried 2.6), and openssl-1.0.0j. I very
much suspect this is a problem with my build, though any pointers would be
most appreciated.

Regards,

Geoff