Nessus 1.0.x and the early version of 1.1.x used a specific cryptographic layer for the client/server communication: PEKS.
PEKS behaved very oddly in some cases, and 90% of the trafic on _this_ mailing list was related with problems like "public key has changed", "not enough entropy, please sacrifice a chicken to EGD" (private joke :) etc. So we switched to a standard crypto layer: SSL/TLS. So far so good. I can now claim that we reached our goal: 90% of the traffic on this mailing list is NOW related to problems like "Server does not use NTP xxx or is TCP wrapped". Great <grin> I will say it once more: PEKS is incompatible with TLS and TLS is incompatible with PEKS. <sigh> So if you want to connect to a 1.2 nessusd server, you have to use a 1.2 nessus client. Or a recent NessusWX client. Old or obsolete or unmaintained or not yet updated clients do _not_ speak SSL. More: old 1.1.x clients (but not so old) used SSLv3 instead of TLSv1. The only thing that 1.0.x and 1.2.x have in common are... surprise surprise... clear text communications! If you really want to use an old/obsolete/strange/unofficial/TLS-hating client, you have to disable the SSL layer on the server, by adding to nessusd.conf: ssl_version = none _Or_ you can use stunnel to connect to your server, but this is brain damaged and I will not document the procedure. -- mailto:[EMAIL PROTECTED] GPG Public keys: http://michel.arboi.free.fr/pubkey.txt http://michel.arboi.free.fr/ http://arboi.da.ru/ FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/
