On Tue, 29 Nov 2005, George A. Theall wrote:
I'm not all that good with deciphering TLS, but one oddity I noticed is
that the server hello requests zlib as a compression method -- my
installs use a NULL method (no compression). zlib compression was
introduced in OpenSSL 0.9.8 if it was linked with libz when built. This
is all fairly new and I wonder if there's an issue.
You said you tried this with openssl-0.9.7i too. Did you do this on a
fresh machine? Or perhaps you didn't remove all traces of the newer
version? If you don't mind rebuilding again, give that a try. Make sure
ldd reports you're using the correct libraries. And if you need to, send
me another packet capture.
Your correct.
apt-get --purge remove openssl did not remove the following files in
the /usr/lib directory
libssl.so.0.9.8
libcrypto.so.0.9.8
Once I removed those two files, relinked /usr/lib/libssl.so and
/usr/lib/crypto.so to the appropriate 0.9.7 version and reran ldconfig,
I no longer received the "SSL routines:SSL3_READ_BYTES:sslv3 alert bad
record mac" error.
Thanks again,
--
- Josh
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
