On Friday 12 March 2010 14:34:45 Jan-Oliver Wagner wrote:
> On Friday, 12 March 2010, Michael Meyer wrote:
> > *** Chandrashekhar B <bchan...@secpod.com> wrote:
> > > > On Friday 12 March 2010 10:06:42 Jan-Oliver Wagner wrote:
> > > > > * migrate ssl_ciphers to use GnuTLS
> > > >
> > > > Is this the C check? If so, I would prefer not to move to
> > > > GnuTLS. GnuTLS is rather conservative in what ciphers it
> > > > supports and may therefore miss weak ciphers because it
> > > > doesn't support them rather than because the scanned service doesn't.
> > >
> > > Yes, agree, let us invalidate this plugin and write in NASL.
> >
> > But this means, do this check with GnuTLS because NASL is linked
> > against it. So this will not solve Tim's concern. Or am I mistaken?
>
> Not necessarily if we wrap some tools with a NASL NVT.
>
> http://sourceforge.net/projects/sslscan/

SSLscan is written by a colleague of mine but I repeat, it and anything that relies on a particular library is suboptimal. The current C solution using OpenSSL is less suboptimal (due to the choice of OpenSSL) but the change ought to be to move to a non-library based solution. Switching to GNU/TLS would actually be a regression. There are cipher suites that may not be negotiated by OpenSSL or GNU/TLS but which might be supported by an IIS web server.

Tim
-- 
Tim Brown
<mailto:t...@openvas.org>
<http://www.openvas.org/>
_______________________________________________
Openvas-devel mailing list
Openvas-devel@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel
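
The library-independent check argued for in the message above, as an added example that is not part of the original thread or of OpenVAS: the ClientHello is built byte by byte, so any 16-bit cipher suite ID can be offered whether or not OpenSSL or GnuTLS implements it, and the server's first reply record is parsed by hand. Assumptions: the function names are hypothetical, the hello is an SSL 3.0 / TLS 1.0-1.2 style hello without extensions, and the sample replies are constructed.

```python
import os
import socket
import struct

def client_hello(suites, version=(3, 1)):
    """Raw TLS ClientHello record offering exactly the given 16-bit suite IDs."""
    cs = b"".join(struct.pack(">H", s) for s in suites)
    body = (bytes(version) + os.urandom(32)      # client_version, random
            + b"\x00"                            # empty session_id
            + struct.pack(">H", len(cs)) + cs    # cipher_suites
            + b"\x01\x00")                       # compression: null only
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body   # type 1, 24-bit length
    return b"\x16" + bytes(version) + struct.pack(">H", len(hs)) + hs

def parse_reply(data):
    """Classify the first record of the reply: accepted suite, alert, or unknown."""
    if len(data) < 5:
        return ("unknown", None)
    rec = data[5:5 + struct.unpack(">H", data[3:5])[0]]
    if data[0] == 0x15 and len(rec) >= 2:        # alert: level, description
        return ("alert", rec[1])
    if data[0] == 0x16 and len(rec) > 38 and rec[0] == 0x02:   # ServerHello
        p = 4 + 2 + 32                           # handshake header, version, random
        p += 1 + rec[p]                          # session_id length + session_id
        if len(rec) >= p + 2:
            return ("accepted", struct.unpack(">H", rec[p:p + 2])[0])
    return ("unknown", None)

def probe(host, port, suite, timeout=5.0):
    """Offer one suite to host:port and report how the server answered."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello([suite]))
        return parse_reply(s.recv(4096))         # a short read yields "unknown"

# Constructed sample replies (not captured traffic).
_body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x04" + b"\x00"
SAMPLE_ACCEPT = (b"\x16\x03\x01" + struct.pack(">H", len(_body) + 4)
                 + b"\x02" + struct.pack(">I", len(_body))[1:] + _body)
SAMPLE_REJECT = b"\x15\x03\x01\x00\x02\x02\x28"  # fatal handshake_failure (40)

if __name__ == "__main__":
    print(parse_reply(SAMPLE_ACCEPT))
    print(parse_reply(SAMPLE_REJECT))
```

Because the suite ID is just two bytes in the hello, the audit list is limited by the registry of suite numbers rather than by what the scanner's TLS library can negotiate.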