I am trying to setup openvas on my machine (ubuntu 12.04.1 32 bit ) and I noticed that the openvas manager is not able to connect due to a handshake problem. I tried simulating the openvas server with gnutls-serv
sudo gnutls-serv -d 9 --x509keyfile /usr/local/var/lib/openvas/private/CA/serverkey.pem --x509certfile /usr/local/var/lib/openvas/CA/servercert.pem --x509cafile /usr/local/var/lib/openvas/CA/cacert.pem -p 9393 Set static Diffie-Hellman parameters, consider --dhparams. Processed 1 CA certificate(s). Echo Server listening on IPv4 0.0.0.0 port 9393...done Echo Server listening on IPv6 :: port 9393...bind() failed: Address already in use |<4>| REC[0x9f5c8a0]: Allocating epoch #0 When I tried to connect the openvas manager I get the below problem. Note: I tried simulating the same thing with openssl and I got a handshake. I'm not sure where "Error: Could not negotiate a supported cipher suite." is coming from sudo gnutls-serv -d 9 --x509keyfile /usr/local/var/lib/openvas/private/CA/serverkey.pem --x509certfile /usr/local/var/lib/openvas/CA/servercert.pem --x509cafile /usr/local/var/lib/openvas/CA/cacert.pem -p 9393 Set static Diffie-Hellman parameters, consider --dhparams. Processed 1 CA certificate(s). Echo Server listening on IPv4 0.0.0.0 port 9393...done Echo Server listening on IPv6 :: port 9393...bind() failed: Address already in use |<4>| REC[0x9f5c8a0]: Allocating epoch #0 * Accepted connection from IPv4 127.0.0.1 port 49340 on Mon Sep 24 08:58:42 2012 |<2>| ASSERT: gnutls_constate.c:695 |<4>| REC[0x9f5c8a0]: Allocating epoch #1 |<4>| REC[0x9f5c8a0]: Expected Packet[0] Handshake(22) with length: 1 |<4>| REC[0x9f5c8a0]: Received Packet[0] Handshake(22) with length: 108 |<4>| REC[0x9f5c8a0]: Decrypted Packet[0] Handshake(22) with length: 108 |<3>| HSK[0x9f5c8a0]: CLIENT HELLO was received [108 bytes] |<3>| HSK[0x9f5c8a0]: Client's version: 3.3 |<2>| ASSERT: gnutls_db.c:326 |<2>| ASSERT: gnutls_db.c:246 |<2>| EXT[0x9f5c8a0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes) |<2>| EXT[0x9f5c8a0]: Parsing extension 'SIGNATURE ALGORITHMS/13' (16 bytes) |<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256 |<2>| EXT[SIGA]: rcvd signature algo (4.2) DSA-SHA256 |<2>| EXT[SIGA]: rcvd signature algo (4.3) GOST R 34.10-94 |<2>| EXT[SIGA]: rcvd signature algo (5.1) RSA-SHA384 |<2>| EXT[SIGA]: rcvd signature algo (5.3) GOST R 34.10-94 |<2>| EXT[SIGA]: rcvd signature algo (6.1) RSA-SHA512 |<2>| EXT[SIGA]: rcvd signature algo (6.3) GOST R 34.10-94 |<2>| ASSERT: gnutls_handshake.c:3348 |<1>| Could not find an appropriate certificate: Insufficient credentials for that request. |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_ARCFOUR_MD5 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA256 |<3>| HSK[0x9f5c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA256 |<2>| ASSERT: gnutls_handshake.c:921 |<2>| ASSERT: gnutls_handshake.c:586 |<2>| ASSERT: gnutls_handshake.c:2358 |<2>| ASSERT: gnutls_handshake.c:2991 Error in handshake Error: Could not negotiate a supported cipher suite. |<4>| REC: Sending Alert[2|40] - Handshake failed |<4>| REC[0x9f5c8a0]: Sending Packet[0] Alert(21) with length: 2 |<4>| REC[0x9f5c8a0]: Sent Packet[1] Alert(21) with length: 7 |<2>| ASSERT: gnutls_record.c:276 |<4>| REC[0x9f5c8a0]: Epoch #0 freed |<4>| REC[0x9f5c8a0]: Epoch #1 freed _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
