-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 what error do you get in the logs?
Stuart Sheldon wrote: > Hi Veerendra and all, > > I've got something wrong with my builds, but I'll be darned if I > can figure out what it is. If I had to guess, I would say it had to > do with the gnutls lib, but I'm at a loss to chase it down. > > > > Debian Wheezy with the following custom built Libs/Programs: > openssl-1.0.1c-4 (Debian source with ssl2 and weak enabled) > libgcrypt11-1.5.0 (Debian source built after openssl) > gnutls26-2.12.20 (Debian source built after openssl and libgcrypt) > libmicrohttpd-0.9.20 (Debian source built after all the above) > nmap-5.51-6 (Built from nmap site source against above libs) All > the OpenVAS stable 5 packages built against the above setup. > > I also can not attach to the web service via SSL. That's what leads > me to believe it's some kind of incompatibility with one of the > libraries. > > I am experiencing this with Debian Squeeze, as well as Ubuntu 12.04 > and 10.04. Regardless of whether I build from source or use the > prebuilt packages on OBS. > > Any help or pointers here would be greatly appreciated. > > Stuart Sheldon > > > On 10/19/2012 08:32 AM, Veerendra Ganiger wrote: >> Hi, > >> Thank you for providing the report. > >> Attaching report of XXX.XX.100.15 (given host) for port 443, 993, >> 995 along with this mail. > >> NVT worked as expected for above port all the time. > >> But it was not working properly for port 465, when investigated >> found that port is giving response as "Connection rate limit >> exceeded. " This case is not handled properly in NVT leading to >> false positive. > >> Updated NVT to handle the above case properly, also improved the >> detection mechanism. > >> NOTE : On port 465 updated NVT gives empty report or partial >> report, as the problem exists at server side i.e Connection rate >> limit exceeded > >> Please take updated scripts (secpod_ssl_ciphers.nasl >> secpod_ssl_ciphers.inc) from trunk and test once again. > >> NOTE : Results of both NVT and ssl-enum are exactly same. > >> Please let me know, still you are having some problem. > > >> Thanks! Veerendra > >> On Thursday 18 October 2012 09:05 PM, Stuart Sheldon wrote: >>> Hi Veerendra, > >>> This is off list. I've attached the scan settings and the scan >>> results for XXX.XX.100.15. Here is the results of './ssl-enum >>> -s XXX.XX.100.15 -p 993 -v 2' from the OpenVAS server: > >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure > >>> Here are the results of './ssl-enum -s XXX.XX.100.15 -p 443 -v >>> 2': > >>> HandshakeFailure HandshakeFailure 0x03 SSL3_RSA_RC4_40_MD5 >>> SSL_EXPORT 0x06 SSL3_RSA_RC2_40_MD5 SSL_EXPORT 0x08 >>> SSL3_RSA_DES_40_CBC_SHA SSL_EXPORT HandshakeFailure >>> HandshakeFailure HandshakeFailure 0x14 >>> SSL3_EDH_RSA_DES_40_CBC_SHA SSL_EXPORT 0x17 SSL3_ADH_RC4_40_MD5 >>> SSL_EXPORT 0x19 SSL3_ADH_DES_40_CBC_SHA SSL_EXPORT >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure 0x03 >>> TLS1_RSA_RC4_40_MD5 SSL_EXPORT 0x06 TLS1_RSA_RC2_40_MD5 >>> SSL_EXPORT 0x08 TLS1_RSA_DES_40_CBC_SHA SSL_EXPORT >>> HandshakeFailure HandshakeFailure HandshakeFailure 0x14 >>> TLS1_EDH_RSA_DES_40_CBC_SHA SSL_EXPORT 0x17 TLS1_ADH_RC4_40_MD5 >>> SSL_EXPORT 0x19 TLS1_ADH_DES_40_CBC_SHA SSL_EXPORT >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure HandshakeFailure HandshakeFailure >>> HandshakeFailure > >>> You are welcome to scan XXX.XX.100.15 to verify you are getting >>> the same results as I am. If you need access to anything else, >>> please let me know! > >>> Stu > > > > >>> On 10/18/2012 01:31 AM, Veerendra Ganiger wrote: >>>> Hello > >>>> Tested once again and it's able to detect supported ciphers >>>> and for Weak Ciphers for SSLv2, SSLv3, TLSv1. Working as >>>> expected. > >>>> Please have a look at below report. > >>>> Scan using SSL-Enum (http://code.google.com/p/ssl-enum) and >>>> compare the result against openvas report. > >>>> If possible off-record from the list, please share IP to >>>> reproduce and investigate the issue to my email id >>>> [email protected] > > >>>> Reported by NVT "Check for SSL Weak Ciphers" >>>> (1.3.6.1.4.1.25623.1.0.103440): > >>>> Server supports SSLv2 ciphers. > >>>> Server supports SSLv3 ciphers. > >>>> Server supports TLSv1 ciphers. > >>>> Server supported ciphers are SSL2_RC4_128_MD5 : SSL_NOT_EXP >>>> SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT >>>> SSL2_RC2_CBC_128_CBC_WITH_MD5 : SSL_NOT_EXP >>>> SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT >>>> SSL3_RSA_RC4_40_MD5 : SSL_EXPORT SSL3_RSA_RC4_128_MD5 : >>>> SSL_NOT_EXP SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP >>>> SSL3_RSA_RC2_40_MD5 : SSL_EXPORT SSL3_RSA_DES_40_CBC_SHA : >>>> SSL_EXPORT SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>> SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>> SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>> SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>> SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>> SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP >>>> SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>> SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>> TLS1_RSA_RC4_40_MD5 : SSL_EXPORT TLS1_RSA_RC4_128_MD5 : >>>> SSL_NOT_EXP TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP >>>> TLS1_RSA_RC2_40_MD5 : SSL_EXPORT TLS1_RSA_DES_40_CBC_SHA : >>>> SSL_EXPORT TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>> TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>> TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>> TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>> TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>> TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP >>>> TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>> TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP > >>>> Weak Ciphers SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT >>>> SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT >>>> SSL3_RSA_RC4_40_MD5 : SSL_EXPORT SSL3_RSA_RC2_40_MD5 : >>>> SSL_EXPORT SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>> SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT TLS1_RSA_RC4_40_MD5 >>>> : SSL_EXPORT TLS1_RSA_RC2_40_MD5 : SSL_EXPORT >>>> TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>> TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT > > >>>> Thanks! Veerendra > >>>> On Thursday 18 October 2012 03:25 AM, Stuart Sheldon wrote: >>>>> Hi Veerendra, > >>>>> Thank you so much for your help! I'm still not seeing >>>>> anything on 443... I would expect it to fail with ssl2 >>>>> enabled. > >>>>> Here are the results of 993... I'm pretty sure none of the >>>>> weak ciphers listed are running: > >>>>> Server will not support SSLv2 Ciphers. > >>>>> Server will not support SSLv3 Ciphers. > >>>>> Server supports TLSv1 ciphers. > >>>>> Server supported ciphers are SSL3_NULL_NULL_NULL : >>>>> SSL_EXPORT SSL3_RSA_NULL_MD5 : SSL_NOT_EXP >>>>> SSL3_RSA_NULL_SHA : SSL_NOT_EXP SSL3_RSA_RC4_40_MD5 : >>>>> SSL_EXPORT SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP >>>>> SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP SSL3_RSA_RC2_40_MD5 : >>>>> SSL_EXPORT SSL3_RSA_IDEA_128_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_RC4_40_MD5 : SSL_EXPORT SSL3_ADH_RC4_128_MD5 : >>>>> SSL_NOT_EXP SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_ADH_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_DES_192_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP SSL3_FZA_DMS_FZA_SHA : >>>>> SSL_NOT_EXP SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP >>>>> SSL3_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_KRB5_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP >>>>> SSL3_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP >>>>> SSL3_KRB5_RC4_128_MD5 : SSL_NOT_EXP >>>>> SSL3_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP >>>>> SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT SSL3_KRB5_RC4_40_SHA >>>>> : SSL_EXPORT SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT >>>>> SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT SSL3_KRB5_RC4_40_MD5 >>>>> : SSL_EXPORT SSL3_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT >>>>> SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT >>>>> SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>> SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>> SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT >>>>> SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT >>>>> SSL3_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_NULL_NULL_NULL : SSL_EXPORT TLS1_RSA_NULL_MD5 : >>>>> SSL_NOT_EXP TLS1_RSA_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_RC4_40_MD5 : SSL_EXPORT TLS1_RSA_RC4_128_MD5 : >>>>> SSL_NOT_EXP TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_RC2_40_MD5 : SSL_EXPORT TLS1_RSA_IDEA_128_SHA : >>>>> SSL_NOT_EXP TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_RC4_40_MD5 : SSL_EXPORT TLS1_ADH_RC4_128_MD5 : >>>>> SSL_NOT_EXP TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_ADH_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_DES_192_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP TLS1_FZA_DMS_FZA_SHA : >>>>> SSL_NOT_EXP TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP >>>>> TLS1_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_KRB5_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP >>>>> TLS1_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP >>>>> TLS1_KRB5_RC4_128_MD5 : SSL_NOT_EXP >>>>> TLS1_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP >>>>> TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT TLS1_KRB5_RC4_40_SHA >>>>> : SSL_EXPORT TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT >>>>> TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT TLS1_KRB5_RC4_40_MD5 >>>>> : SSL_EXPORT TLS1_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_WITH_AES_128_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_WITH_AES_256_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT >>>>> TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT >>>>> TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>> TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>> TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT >>>>> TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT >>>>> TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP : >>>>> TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP > >>>>> Weak Ciphers SSL3_RSA_NULL_MD5 : SSL_NOT_EXP >>>>> SSL3_RSA_NULL_SHA : SSL_NOT_EXP SSL3_RSA_RC4_40_MD5 : >>>>> SSL_EXPORT SSL3_RSA_RC2_40_MD5 : SSL_EXPORT >>>>> SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_ADH_RC4_40_MD5 : SSL_EXPORT SSL3_ADH_DES_40_CBC_SHA : >>>>> SSL_EXPORT SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP SSL3_FZA_DMS_RC4_SHA : >>>>> SSL_NOT_EXP SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT >>>>> SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT SSL3_KRB5_RC4_40_SHA >>>>> : SSL_EXPORT SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT >>>>> SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT SSL3_KRB5_RC4_40_MD5 >>>>> : SSL_EXPORT SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : >>>>> SSL_EXPORT SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : >>>>> SSL_EXPORT SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : >>>>> SSL_EXPORT SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : >>>>> SSL_EXPORT SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : >>>>> SSL_EXPORT SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_RSA_NULL_MD5 : SSL_NOT_EXP TLS1_RSA_NULL_SHA : >>>>> SSL_NOT_EXP TLS1_RSA_RC4_40_MD5 : SSL_EXPORT >>>>> TLS1_RSA_RC2_40_MD5 : SSL_EXPORT TLS1_RSA_DES_40_CBC_SHA : >>>>> SSL_EXPORT TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_ADH_RC4_40_MD5 : SSL_EXPORT TLS1_ADH_DES_40_CBC_SHA : >>>>> SSL_EXPORT TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP TLS1_FZA_DMS_RC4_SHA : >>>>> SSL_NOT_EXP TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT >>>>> TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT TLS1_KRB5_RC4_40_SHA >>>>> : SSL_EXPORT TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT >>>>> TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT TLS1_KRB5_RC4_40_MD5 >>>>> : SSL_EXPORT TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : >>>>> SSL_EXPORT TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : >>>>> SSL_EXPORT TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : >>>>> SSL_EXPORT TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : >>>>> SSL_EXPORT TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : >>>>> SSL_EXPORT TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>> TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP > >>>>> Stu > > >>>>> On 10/17/2012 01:07 AM, Veerendra Ganiger wrote: >>>>>> Hi Stuart, > >>>>>> Thank you for reporting. > >>>>>> According to below report, it listed week cipher list >>>>>> only. To get supported cipher list please enable "List >>>>>> SSL Supported Ciphers" in the preference (the plugin >>>>>> might take good amount of time to complete, it is advised >>>>>> to increase the plugin timeout, if no results appear), so >>>>>> that it can be compared with SSLSCAN which is listing >>>>>> supported ciphers. > >>>>>> Please let us know, if you still find false positive. If >>>>>> possible, try SSL-Enum as well >>>>>> http://code.google.com/p/ssl-enum > >>>>>> In the below report it said "Server will not support >>>>>> SSLv3 Ciphers." but it listed SSLv3 weak ciphers. It >>>>>> seems that message should not come. We will investigate >>>>>> on this issue. > >>>>>> If possible off-record from the list, please share IP to >>>>>> reproduce and investigate the failure. my email id >>>>>> [email protected] > >>>>>> NOTE: Make sure you have latest NVT's. > > >>>>>> Thanks! Veerendra > >>>>>> On Tuesday 16 October 2012 01:40 AM, Stuart Sheldon >>>>>> wrote: >>>>>>> Hi, > >>>>>>> I'm getting false positives and negatives where there >>>>>>> should be positives from: > >>>>>>> NVT: Check for SSL Weak Ciphers (OID: >>>>>>> 1.3.6.1.4.1.25623.1.0.103440). > >>>>>>> Problem may extend to: > >>>>>>> NVT: Check for SSL Medium Ciphers (OID: >>>>>>> 1.3.6.1.4.1.25623.1.0.902816) > >>>>>>> False positives are registered on ports: 465, 993, 995 >>>>>>> (dovecot and sendmail are running on target). >>>>>>> Ironically, it does not detect any weak ciphers on >>>>>>> https which was set to accept all. > >>>>>>> Target is running Debian Squeeze. OpenVAS server is >>>>>>> running the following: > >>>>>>> Debian Wheezy Re-compiled openssl/libssl package with >>>>>>> all ciphers and protocols enabled (1.0.0). NMap 6.01 >>>>>>> compiled from source. OpenNAS release 5 compiled from >>>>>>> source. > >>>>>>> Target scan returns the following on ports 465, 993, >>>>>>> 995: > >>>>>>> ------ Start NVT Report Detail --------- Server will >>>>>>> not support SSLv2 Ciphers. > >>>>>>> Server will not support SSLv3 Ciphers. > >>>>>>> Server supports TLSv1 ciphers. > >>>>>>> Weak Ciphers SSL3_RSA_NULL_MD5 : SSL_NOT_EXP >>>>>>> SSL3_RSA_NULL_SHA : SSL_NOT_EXP SSL3_RSA_RC4_40_MD5 : >>>>>>> SSL_EXPORT SSL3_RSA_RC2_40_MD5 : SSL_EXPORT >>>>>>> SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_ADH_RC4_40_MD5 : SSL_EXPORT >>>>>>> SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP >>>>>>> SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP SSL3_FZA_DMS_RC4_SHA >>>>>>> : SSL_NOT_EXP SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_KRB5_RC4_40_SHA : SSL_EXPORT >>>>>>> SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT >>>>>>> SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT >>>>>>> SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT >>>>>>> SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT >>>>>>> SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT >>>>>>> SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>>>> SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT >>>>>>> SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> TLS1_RSA_NULL_MD5 : SSL_NOT_EXP TLS1_RSA_NULL_SHA : >>>>>>> SSL_NOT_EXP TLS1_RSA_RC4_40_MD5 : SSL_EXPORT >>>>>>> TLS1_RSA_RC2_40_MD5 : SSL_EXPORT >>>>>>> TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_ADH_RC4_40_MD5 : SSL_EXPORT >>>>>>> TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP >>>>>>> TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP TLS1_FZA_DMS_RC4_SHA >>>>>>> : SSL_NOT_EXP TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_KRB5_RC4_40_SHA : SSL_EXPORT >>>>>>> TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT >>>>>>> TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT >>>>>>> TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT >>>>>>> TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT >>>>>>> TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT >>>>>>> TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT >>>>>>> TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT >>>>>>> TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP >>>>>>> TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP >>>>>>> TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP > >>>>>>> ------ END NVT Report Detail --------- > >>>>>>> sslscan returns for 465, 993, 995: > >>>>>>> Supported Server Cipher(s): Accepted SSLv3 256 bits >>>>>>> DHE-RSA-AES256-SHA Accepted SSLv3 256 bits >>>>>>> AES256-SHA Accepted SSLv3 168 bits >>>>>>> EDH-RSA-DES-CBC3-SHA Accepted SSLv3 168 bits >>>>>>> DES-CBC3-SHA Accepted SSLv3 128 bits >>>>>>> DHE-RSA-AES128-SHA Accepted SSLv3 128 bits >>>>>>> AES128-SHA Accepted SSLv3 128 bits RC4-SHA Accepted >>>>>>> SSLv3 128 bits RC4-MD5 Accepted TLSv1 256 bits >>>>>>> DHE-RSA-AES256-SHA Accepted TLSv1 256 bits >>>>>>> AES256-SHA Accepted TLSv1 168 bits >>>>>>> EDH-RSA-DES-CBC3-SHA Accepted TLSv1 168 bits >>>>>>> DES-CBC3-SHA Accepted TLSv1 128 bits >>>>>>> DHE-RSA-AES128-SHA Accepted TLSv1 128 bits >>>>>>> AES128-SHA Accepted TLSv1 128 bits RC4-SHA Accepted >>>>>>> TLSv1 128 bits RC4-MD5 > >>>>>>> Open SSL lib on OpenVAS Scanner Server: > >>>>>>> root@watchdog:~# openssl ciphers -v 'ALL' >>>>>>> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA >>>>>>> Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-AES256-GCM-SHA384 >>>>>>> TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD >>>>>>> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA >>>>>>> Enc=AES(256) Mac=SHA384 ECDHE-ECDSA-AES256-SHA384 >>>>>>> TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 >>>>>>> ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA >>>>>>> Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES256-SHA SSLv3 >>>>>>> Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 >>>>>>> SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP Au=DSS >>>>>>> Enc=AES(256) Mac=SHA1 SRP-RSA-AES-256-CBC-SHA SSLv3 >>>>>>> Kx=SRP Au=RSA Enc=AES(256) Mac=SHA1 >>>>>>> DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=DSS >>>>>>> Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 >>>>>>> TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD >>>>>>> DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA >>>>>>> Enc=AES(256) Mac=SHA256 DHE-DSS-AES256-SHA256 >>>>>>> TLSv1.2 Kx=DH Au=DSS Enc=AES(256) Mac=SHA256 >>>>>>> DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=AES(256) Mac=SHA1 DHE-DSS-AES256-SHA SSLv3 >>>>>>> Kx=DH Au=DSS Enc=AES(256) Mac=SHA1 >>>>>>> DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=Camellia(256) Mac=SHA1 DHE-DSS-CAMELLIA256-SHA >>>>>>> SSLv3 Kx=DH Au=DSS Enc=Camellia(256) Mac=SHA1 >>>>>>> AECDH-AES256-SHA SSLv3 Kx=ECDH Au=None >>>>>>> Enc=AES(256) Mac=SHA1 SRP-AES-256-CBC-SHA SSLv3 >>>>>>> Kx=SRP Au=None Enc=AES(256) Mac=SHA1 >>>>>>> ADH-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=None >>>>>>> Enc=AESGCM(256) Mac=AEAD ADH-AES256-SHA256 >>>>>>> TLSv1.2 Kx=DH Au=None Enc=AES(256) Mac=SHA256 >>>>>>> ADH-AES256-SHA SSLv3 Kx=DH Au=None >>>>>>> Enc=AES(256) Mac=SHA1 ADH-CAMELLIA256-SHA SSLv3 >>>>>>> Kx=DH Au=None Enc=Camellia(256) Mac=SHA1 >>>>>>> ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA >>>>>>> Au=ECDH Enc=AESGCM(256) Mac=AEAD >>>>>>> ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA >>>>>>> Au=ECDH Enc=AESGCM(256) Mac=AEAD ECDH-RSA-AES256-SHA384 >>>>>>> TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256) Mac=SHA384 >>>>>>> ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH >>>>>>> Enc=AES(256) Mac=SHA384 ECDH-RSA-AES256-SHA SSLv3 >>>>>>> Kx=ECDH/RSA Au=ECDH Enc=AES(256) Mac=SHA1 >>>>>>> ECDH-ECDSA-AES256-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH >>>>>>> Enc=AES(256) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 >>>>>>> Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD >>>>>>> AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA >>>>>>> Enc=AES(256) Mac=SHA256 AES256-SHA SSLv3 >>>>>>> Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 >>>>>>> CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA >>>>>>> Enc=Camellia(256) Mac=SHA1 PSK-AES256-CBC-SHA >>>>>>> SSLv3 Kx=PSK Au=PSK Enc=AES(256) Mac=SHA1 >>>>>>> ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA >>>>>>> Enc=3DES(168) Mac=SHA1 ECDHE-ECDSA-DES-CBC3-SHA SSLv3 >>>>>>> Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1 >>>>>>> SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP Au=DSS >>>>>>> Enc=3DES(168) Mac=SHA1 SRP-RSA-3DES-EDE-CBC-SHA SSLv3 >>>>>>> Kx=SRP Au=RSA Enc=3DES(168) Mac=SHA1 >>>>>>> EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=3DES(168) Mac=SHA1 EDH-DSS-DES-CBC3-SHA SSLv3 >>>>>>> Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1 >>>>>>> AECDH-DES-CBC3-SHA SSLv3 Kx=ECDH Au=None >>>>>>> Enc=3DES(168) Mac=SHA1 SRP-3DES-EDE-CBC-SHA SSLv3 >>>>>>> Kx=SRP Au=None Enc=3DES(168) Mac=SHA1 >>>>>>> ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None >>>>>>> Enc=3DES(168) Mac=SHA1 ECDH-RSA-DES-CBC3-SHA SSLv3 >>>>>>> Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1 >>>>>>> ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH >>>>>>> Enc=3DES(168) Mac=SHA1 DES-CBC3-SHA SSLv3 >>>>>>> Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 DES-CBC3-MD5 >>>>>>> SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5 >>>>>>> PSK-3DES-EDE-CBC-SHA SSLv3 Kx=PSK Au=PSK >>>>>>> Enc=3DES(168) Mac=SHA1 ECDHE-RSA-AES128-GCM-SHA256 >>>>>>> TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD >>>>>>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH >>>>>>> Au=ECDSA Enc=AESGCM(128) Mac=AEAD >>>>>>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA >>>>>>> Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 >>>>>>> TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 >>>>>>> ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA >>>>>>> Enc=AES(128) Mac=SHA1 ECDHE-ECDSA-AES128-SHA SSLv3 >>>>>>> Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 >>>>>>> SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP Au=DSS >>>>>>> Enc=AES(128) Mac=SHA1 SRP-RSA-AES-128-CBC-SHA SSLv3 >>>>>>> Kx=SRP Au=RSA Enc=AES(128) Mac=SHA1 >>>>>>> DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=DSS >>>>>>> Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 >>>>>>> TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD >>>>>>> DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA >>>>>>> Enc=AES(128) Mac=SHA256 DHE-DSS-AES128-SHA256 >>>>>>> TLSv1.2 Kx=DH Au=DSS Enc=AES(128) Mac=SHA256 >>>>>>> DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=AES(128) Mac=SHA1 DHE-DSS-AES128-SHA SSLv3 >>>>>>> Kx=DH Au=DSS Enc=AES(128) Mac=SHA1 >>>>>>> DHE-RSA-SEED-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=SEED(128) Mac=SHA1 DHE-DSS-SEED-SHA SSLv3 >>>>>>> Kx=DH Au=DSS Enc=SEED(128) Mac=SHA1 >>>>>>> DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=Camellia(128) Mac=SHA1 DHE-DSS-CAMELLIA128-SHA >>>>>>> SSLv3 Kx=DH Au=DSS Enc=Camellia(128) Mac=SHA1 >>>>>>> AECDH-AES128-SHA SSLv3 Kx=ECDH Au=None >>>>>>> Enc=AES(128) Mac=SHA1 SRP-AES-128-CBC-SHA SSLv3 >>>>>>> Kx=SRP Au=None Enc=AES(128) Mac=SHA1 >>>>>>> ADH-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=None >>>>>>> Enc=AESGCM(128) Mac=AEAD ADH-AES128-SHA256 >>>>>>> TLSv1.2 Kx=DH Au=None Enc=AES(128) Mac=SHA256 >>>>>>> ADH-AES128-SHA SSLv3 Kx=DH Au=None >>>>>>> Enc=AES(128) Mac=SHA1 ADH-SEED-SHA SSLv3 >>>>>>> Kx=DH Au=None Enc=SEED(128) Mac=SHA1 >>>>>>> ADH-CAMELLIA128-SHA SSLv3 Kx=DH Au=None >>>>>>> Enc=Camellia(128) Mac=SHA1 ECDH-RSA-AES128-GCM-SHA256 >>>>>>> TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128) Mac=AEAD >>>>>>> ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA >>>>>>> Au=ECDH Enc=AESGCM(128) Mac=AEAD ECDH-RSA-AES128-SHA256 >>>>>>> TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128) Mac=SHA256 >>>>>>> ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH >>>>>>> Enc=AES(128) Mac=SHA256 ECDH-RSA-AES128-SHA SSLv3 >>>>>>> Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1 >>>>>>> ECDH-ECDSA-AES128-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH >>>>>>> Enc=AES(128) Mac=SHA1 AES128-GCM-SHA256 TLSv1.2 >>>>>>> Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD >>>>>>> AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA >>>>>>> Enc=AES(128) Mac=SHA256 AES128-SHA SSLv3 >>>>>>> Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 SEED-SHA >>>>>>> SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1 >>>>>>> CAMELLIA128-SHA SSLv3 Kx=RSA Au=RSA >>>>>>> Enc=Camellia(128) Mac=SHA1 IDEA-CBC-SHA >>>>>>> SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1 >>>>>>> IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA >>>>>>> Enc=IDEA(128) Mac=MD5 RC2-CBC-MD5 SSLv2 >>>>>>> Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5 >>>>>>> PSK-AES128-CBC-SHA SSLv3 Kx=PSK Au=PSK >>>>>>> Enc=AES(128) Mac=SHA1 ECDHE-RSA-RC4-SHA SSLv3 >>>>>>> Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1 >>>>>>> ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA >>>>>>> Enc=RC4(128) Mac=SHA1 AECDH-RC4-SHA SSLv3 >>>>>>> Kx=ECDH Au=None Enc=RC4(128) Mac=SHA1 ADH-RC4-MD5 >>>>>>> SSLv3 Kx=DH Au=None Enc=RC4(128) Mac=MD5 >>>>>>> ECDH-RSA-RC4-SHA SSLv3 Kx=ECDH/RSA Au=ECDH >>>>>>> Enc=RC4(128) Mac=SHA1 ECDH-ECDSA-RC4-SHA SSLv3 >>>>>>> Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128) Mac=SHA1 RC4-SHA >>>>>>> SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 >>>>>>> RC4-MD5 SSLv3 Kx=RSA Au=RSA >>>>>>> Enc=RC4(128) Mac=MD5 RC4-MD5 SSLv2 >>>>>>> Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 PSK-RC4-SHA >>>>>>> SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1 >>>>>>> EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA >>>>>>> Enc=DES(56) Mac=SHA1 EDH-DSS-DES-CBC-SHA SSLv3 >>>>>>> Kx=DH Au=DSS Enc=DES(56) Mac=SHA1 >>>>>>> ADH-DES-CBC-SHA SSLv3 Kx=DH Au=None >>>>>>> Enc=DES(56) Mac=SHA1 DES-CBC-SHA SSLv3 >>>>>>> Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 DES-CBC-MD5 >>>>>>> SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5 >>>>>>> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA >>>>>>> Enc=DES(40) Mac=SHA1 export EXP-EDH-DSS-DES-CBC-SHA >>>>>>> SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 >>>>>>> export EXP-ADH-DES-CBC-SHA SSLv3 Kx=DH(512) >>>>>>> Au=None Enc=DES(40) Mac=SHA1 export EXP-DES-CBC-SHA >>>>>>> SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 >>>>>>> export EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA >>>>>>> Enc=RC2(40) Mac=MD5 export EXP-RC2-CBC-MD5 >>>>>>> SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export >>>>>>> EXP-ADH-RC4-MD5 SSLv3 Kx=DH(512) Au=None >>>>>>> Enc=RC4(40) Mac=MD5 export EXP-RC4-MD5 >>>>>>> SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export >>>>>>> EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA >>>>>>> Enc=RC4(40) Mac=MD5 export > >>>>>>> I'm out of ideas... Any help would be greatly >>>>>>> appritiated. > >>>>>>> Stuart Sheldon > >>>>>>> _______________________________________________ >>>>>>> Openvas-plugins mailing list >>>>>>> [email protected] >>>>>>> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins > >>>>>>> > > > > > > > > _______________________________________________ Openvas-discuss > mailing list [email protected] > http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBCgAGBQJQhhjtAAoJEF9xp9NDNF0kVgkQAK6PCAYSqFRM3X/5ZjrfmlPR LLM4ybAbAn8dlVRiy5ujHNu4S64C++oHOCivpO2+toOUO/w8IHBYzMfEOCSmwxMi hUsQbYeoSRcB7pB9zEcef2cOZNU4Mnu2nCiqzJ4VRLHLHxD73YKHeB5ykxa8p2rR VQByGUuEYsnhCc7Os8iXuq6QFbRKQLlNsMRpE8/bXfckJIIOgPGFikvltM5IyZ/W OMGpKwg1cD/6WNK7aII8/0NeGn3bIQuEdzQ2nUgw4xoHig5yGL/IWFZ+CNNJ09S6 9EC1sLWUiWYOU+A/b38aK+k3tR7x1jdKyvCUPFGvI2nuaW6b1cO/MfOJOOJA7g4x 87otvKsSvwKLkEuvi/SGyUXgUAeHcTNrupTDFkFxKI7zkwFms5oIeGkH0AL3r6zz tod6bLesuYiotMQiTfl160zb/VN36m+VII2GocUP5s/bNQzQWWXwbDLxlSNVr3CO J6AV4vphfNYjB72doiDBepo+iIkUuVck98lxywYO53sWNZrtsJR8JR6NONChndwb YwlQ6Oktb0xd2CjvhBwB6BXkca5N4E53cVLakWLw7FDvS+ce2jK7adY8jMHeLsIS 8g3767cyyXtPnFJp9PcH3PJ3rY3dMHWPP8KGo87g5aCTpOgRouZss4siTEeLdtSF ZYnqcR+TjsQsLikhNI1Z =xrd0 -----END PGP SIGNATURE----- _______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
