I set up openvas scanner 3.3.1 on ubuntu 12.04.1 as well as the certificates according to the default standards.
I also set up openvas manager 3.0.3 and generated the default certificates. I started the openvas server but couldn't get the manager to connect to it. The log of openvasmd reports:

lib  serv:WARNING:2012-09-24 05h57.56 utc:3658: Failed to gnutls_bye: GnuTLS internal error.
lib  serv:WARNING:2012-09-24 05h58.16 utc:3661: openvas_server_connect: failed to shake hands with server: The TLS connection was non-properly terminated.
lib  serv:WARNING:2012-09-24 05h58.16 utc:3661: Failed to gnutls_bye: GnuTLS internal error.

I decided to try out a connection from the manager on gnutls-serv on port 9393 and I got the following log from gnutls-serv, which shows a handshake failure:

* Accepted connection from IPv4 127.0.0.1 port 50757 on Mon Sep 24 11:38:24 2012
|<2>| ASSERT: gnutls_constate.c:695
|<4>| REC[0x934c8a0]: Allocating epoch #1
|<4>| REC[0x934c8a0]: Expected Packet[0] Handshake(22) with length: 1
|<4>| REC[0x934c8a0]: Received Packet[0] Handshake(22) with length: 108
|<4>| REC[0x934c8a0]: Decrypted Packet[0] Handshake(22) with length: 108
|<3>| HSK[0x934c8a0]: CLIENT HELLO was received [108 bytes]
|<3>| HSK[0x934c8a0]: Client's version: 3.3
|<2>| ASSERT: gnutls_db.c:326
|<2>| ASSERT: gnutls_db.c:246
|<2>| EXT[0x934c8a0]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<2>| EXT[0x934c8a0]: Parsing extension 'SIGNATURE ALGORITHMS/13' (16 bytes)
|<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.2) DSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (5.1) RSA-SHA384
|<2>| EXT[SIGA]: rcvd signature algo (5.3) GOST R 34.10-94
|<2>| EXT[SIGA]: rcvd signature algo (6.1) RSA-SHA512
|<2>| EXT[SIGA]: rcvd signature algo (6.3) GOST R 34.10-94
|<2>| ASSERT: gnutls_handshake.c:3348
|<1>| Could not find an appropriate certificate: Insufficient credentials for that request.
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA256
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_AES_256_CBC_SHA256
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_AES_256_CBC_SHA256
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_ARCFOUR_MD5
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_AES_128_CBC_SHA256
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA256
|<2>| ASSERT: gnutls_handshake.c:921
|<2>| ASSERT: gnutls_handshake.c:586
|<2>| ASSERT: gnutls_handshake.c:2358
|<2>| ASSERT: gnutls_handshake.c:2991
Error in handshake
Error: Could not negotiate a supported cipher suite.
|<4>| REC: Sending Alert[2|40] - Handshake failed
|<4>| REC[0x934c8a0]: Sending Packet[0] Alert(21) with length: 2
|<4>| REC[0x934c8a0]: Sent Packet[1] Alert(21) with length: 7
|<2>| ASSERT: gnutls_record.c:276
|<4>| REC[0x934c8a0]: Epoch #0 freed
|<4>| REC[0x934c8a0]: Epoch #1 freed

With the simulated gnutls-serv, the openvasmd log shows a different handshake error, albeit still related to gnutls:

lib  serv:WARNING:2012-09-24 08h31.48 utc:7430: Failed to gnutls_bye: GnuTLS internal error.
lib  serv:WARNING:2012-09-24 08h38.24 utc:7627: openvas_server_connect: failed to shake hands with server: A TLS fatal alert has been received.
lib  serv:WARNING:2012-09-24 08h38.24 utc:7627: Failed to gnutls_bye: GnuTLS internal error.

It seems there is some sort of certificate issue between openvasmd and openvassd.

_______________________________________________
Openvas-discuss mailing list
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
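
Added example, not part of the original post: a small Python parser that reduces a GnuTLS debug trace like the one quoted above to the handful of facts that explain the failed handshake. The function name `summarize`, the `no_usable_server_cert` flag and the abridged sample are assumptions made for this illustration.

```python
import re

# Abridged from the gnutls-serv trace quoted in the post above.
SAMPLE = """\
|<3>| HSK[0x934c8a0]: CLIENT HELLO was received [108 bytes]
|<3>| HSK[0x934c8a0]: Client's version: 3.3
|<2>| EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
|<2>| EXT[SIGA]: rcvd signature algo (4.2) DSA-SHA256
|<1>| Could not find an appropriate certificate: Insufficient credentials for that request.
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[0x934c8a0]: Removing ciphersuite: RSA_AES_256_CBC_SHA256
|<4>| REC: Sending Alert[2|40] - Handshake failed
"""

LINE = re.compile(r"^\|<(\d+)>\|\s*(.*)$")
# TLS alert levels and the descriptions relevant here (RFC 5246, section 7.2).
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}

def summarize(trace):
    """Reduce a GnuTLS debug trace to the facts that explain a failed handshake."""
    out = {"client_version": None, "sig_algs": [], "cert_error": None,
           "removed": [], "alert": None}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if (v := re.search(r"Client's version: (\d+)\.(\d+)", msg)):
            out["client_version"] = (int(v.group(1)), int(v.group(2)))
        elif (s := re.search(r"rcvd signature algo \([\d.]+\) (.+)$", msg)):
            out["sig_algs"].append(s.group(1))
        elif msg.startswith("Could not find an appropriate certificate"):
            out["cert_error"] = msg
        elif (c := re.search(r"Removing ciphersuite: (\S+)", msg)):
            out["removed"].append(c.group(1))
        elif (a := re.search(r"Sending Alert\[(\d+)\|(\d+)\]", msg)):
            lvl, desc = int(a.group(1)), int(a.group(2))
            out["alert"] = (ALERT_LEVEL.get(lvl, lvl), ALERT_DESC.get(desc, desc))
    # Suites dropped after a certificate-selection error mean the server had no
    # usable certificate/key for them; the fatal alert is the consequence.
    out["no_usable_server_cert"] = bool(out["cert_error"] and out["removed"])
    return out

if __name__ == "__main__":
    for k, v in summarize(SAMPLE).items():
        print(f"{k}: {v}")
```

On the trace in the post, the same sequence appears: the certificate-selection error precedes the removal of every offered suite, and the server then sends the fatal alert 40 that openvasmd logs as "A TLS fatal alert has been received".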
