On 11.05.2012 17:38, Michael Meyer wrote:
*** Stefan Schwarz wrote:
I try to check my web servers for weak ciphers for SSL connections on
port 443. There seems to be a plugin (1.3.6.1.4.1.25623.1.0.103440)
to do this. But I don't get any results after enabling it.

103440 depends on 900234 (secpod_ssl_ciphers.nasl). Try to set
the timeout of secpod_ssl_ciphers.nasl to a higher value, maybe it was
killed by the scanner because it takes too much time.

You should see something like "foo.nasl (pid 12345) is
slow to finish - killing it" in openvassd.messages if I'm right.

HTH

Micha

Thanks for pointing this out.
It filled out my Saturday with various tests combining different plugins and timeout values with scanning-times ranging from 1s to more than 1000s (!) for secpod_ssl_ciphers.nasl.

But the solution to my problem is quite simple:

1) Enable only OID 103441 (Check for supported SSL Ciphers)
This depends on OID 900234 (Check SSL Weak Ciphers and Supported Ciphers) which should be automatically enabled during runtime.
Both can be found in family "General". Timeout of 60 s should be ok.

2) In Scanner preferences you should set "SSL Cipher settings" to list supported ciphers.

This works great! But there is still one more problem left.

I did all the testing with OpenVAS-Client using OTP. I really love this client because settings can be found, set and modified quite easily and therefore it's ideal for testing scan-configs. This is a real pain with gsa and OMP.

But what's really strange is that OID 103441 is not listed by gsa/OMP. I created an empty scan-config within GSA and in family "General" this plugin cannot be found and therefore cannot be enabled.

Any ideas how to use OID 103441 with gsa?

        Stefan
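
The log check suggested in the quoted reply, as an added example that is not part of the original thread: it scans openvassd.messages for the "is slow to finish - killing it" message and counts how often each plugin was killed, so you can see which timeouts to raise. The sample lines are constructed, and the bracketed timestamp/pid prefix is an assumption about the log layout; only the quoted message text is matched.

```python
import re
import sys
from collections import Counter

# Matches the message quoted in the thread. Anything before the plugin
# name (timestamp, scanner pid) is ignored, so the prefix layout does not matter.
KILLED = re.compile(
    r"(?P<plugin>\S+\.nasl) \(pid (?P<pid>\d+)\) is slow to finish - killing it"
)

# Constructed sample lines (not taken from a real scan); the prefix is assumed.
SAMPLE_LOG = """\
[Sat May 12 10:01:07 2012][4211] secpod_ssl_ciphers.nasl (pid 4307) is slow to finish - killing it
[Sat May 12 10:01:09 2012][4211] some unrelated scanner message
[Sat May 12 10:14:55 2012][4388] secpod_ssl_ciphers.nasl (pid 4460) is slow to finish - killing it
[Sat May 12 10:20:31 2012][4388] foo.nasl (pid 4502) is slow to finish - killing it
"""


def killed_plugins(lines):
    """Return a Counter mapping plugin file name -> times the scanner killed it."""
    counts = Counter()
    for line in lines:
        match = KILLED.search(line)
        if match:
            counts[match.group("plugin")] += 1
    return counts


def report(lines):
    """One row per killed plugin, most frequently killed first."""
    return [f"{n}x {plugin}" for plugin, n in killed_plugins(lines).most_common()]


if __name__ == "__main__":
    # Pass the path to openvassd.messages as the first argument;
    # without an argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            source = fh.readlines()
    else:
        source = SAMPLE_LOG.splitlines()
    for row in report(source):
        print(row)
```

A plugin that shows up here was cut off by the scanner before it could report, which matches the "no results" symptom described in the thread.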




_______________________________________________
Openvas-discuss mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
