On Jan 8, 2004, at 10:11 PM, [EMAIL PROTECTED] wrote:
Renaud, thank you very much for the prompt response. A couple of follow-ups:
2) Does the test actually test for all three of the original bugs, CAN-2003-0545, CAN-2003-0543, and CAN-2003-0544, as well as the later one from November, CAN-2003-0851?
No, it checks for _none_ of these bugs (as it would be otherwise destructive).
Okay, I think I was confused because the ssltest.nasl has the following:
script_cve_id("CAN-2003-0543", "CAN-2003-0544", "CAN-2003-0545");
I understand the part about sending an "unsolicited" certificate, but I was misled somewhat by the CANs above.
If it accepts an unsolicited certificate, then it implies that the remote
OpenSSL is not patched.
However, you are correct in your reasoning - if a server forces the use
of a certificate, this will probably be a false negative. I'll ask John if
he can do something intrusive to clear that up.
You'd need to do "SSL fingerprinting" - send on-the-edge SSL requests (on the edge protocol-wise), and look at how the remote SSL stack responds.
I am guessing that you are not aware of anything that does this already?
No, but I'd love to see one.
-- Renaud
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
