ssltest.nasl is declaring a hole at the following line in ssltest.nasl. # well, we sent the cert and the server fin'ed or RST'ed...what to do, what to do...???? # the cert was, after all, out of line...we should have gotten an error code 0x0A...so... security_hole(port);
I am running apache 1.3.29, mod_ssl 2.8.16, and openssl 0.9.7c. I noticed the section of code: # Thanks to Brad Hazledine for submitting report that: #> By removing weak ciphers from the SSLCipherSuite on Apache 1.3.29/mod_ssl #> 2.8.16/Openssl 0.9.7c it reports a false (vulnerable) version of openssl. # So, We'll look for error message 0x02 0x28 which denotes a failed handshake if ( (ord(r[5]) == 0x02) && (ord(r[6]) == 0x28) ) exit(0); I am removing weak ciphers from SSLCipherSuite, but I have different values for r[5] and r[6]. Is there an openssl reference guide somewhere that I can determine what exactly my server IS responding with? Or, does anyone have any suggestions as to how I should troubleshoot this? I have done the exact same setup on a linux box and it behaves as expected...so it seems to be related to the xserve. any help would be greatly appreciated! thanks in advance, steve __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
