On 2014-05-25 0:33, Reindl Harald wrote:
> On 25.05.2014 01:12, Hani Benhabiles wrote:
>> On 2014-05-23 21:13, Jason Garin wrote:
>>> Is there a way to disable weak ciphers used by gsad and openvasmd?
>>
>> Yes, see --gnutls-priorities and --dh-params cli arguments
>
> may I ask why there are no sane defaults and if you are aware
> that many browsers do not support DHE ciphers while OpenVAS,
> at least in V6, does not support ECDHE
>
> normally if a software scans other machines and services
> for PCI compliance the minimum is that itself is PCI
> compliant at the same time - practice what you preach

For PFS support (using DH based algorithms) in GSA, the recently
released libmicrohttpd 0.9.35 is required to be able to specify
Diffie-Hellman parameters.

For ECDHE and ECDSA, GnuTLS 3.x is needed. GnuTLS 2.x doesn't support
those (but you can add PFS support with DHE-RSA which is supported in
2.x)

IANAL, but the issue with GnuTLS seems to be a "GPLv2 only" problem
(that was solved recently? [1]) but I can't provide advice on this
matter ;)

[1] https://wiki.debian.org/gnutls3
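
Added example, not part of the thread and not OpenVAS code: a way to review what a priority string expands to before handing it to `--gnutls-priorities`, by classifying each suite in a GnuTLS listing. The `weak_suites` helper, the priority string, the DH parameter path and size, the `=value` argument form and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Values marked "assumed" do not come from the thread.
# RSA key exchange is left enabled for browsers without DHE support.
PRIORITIES='SECURE128:+SECURE256:-VERS-SSL3.0:-ARCFOUR-128:-MD5'  # assumed
DH_PARAMS=/etc/openvas/dhparams.pem                               # assumed path

# weak_suites: read a cipher-suite listing (one GnuTLS suite name at the start
# of each line) on stdin. Prints "<reason> <suite>" for every suite worth a
# look; returns 1 if any is outright weak, 0 if the worst finding is "no-pfs".
weak_suites() {
    found=0
    while read -r suite _rest; do
        case $suite in
            TLS_*) ;;                        # a suite line
            *) continue ;;                   # header or blank line
        esac
        case $suite in
            *ANON*)          reason=anonymous ;;
            *NULL*|*EXPORT*) reason=null-or-export ;;
            *ARCFOUR*)       reason=rc4 ;;
            *_MD5)           reason=md5-mac ;;
            TLS_DHE_*|TLS_ECDHE_*) continue ;;          # forward secret
            *) echo "no-pfs $suite"; continue ;;        # plain RSA key exchange
        esac
        echo "$reason $suite"
        found=1
    done
    return "$found"
}

# Constructed listing in the style of GnuTLS 3.x `gnutls-cli --list` output.
SAMPLE='Cipher suites for EXAMPLE
TLS_DHE_RSA_AES_128_CBC_SHA1      0x00, 0x33  SSL3.0
TLS_RSA_AES_128_CBC_SHA1          0x00, 0x2f  SSL3.0
TLS_RSA_ARCFOUR_128_MD5           0x00, 0x04  SSL3.0'
printf '%s\n' "$SAMPLE" | weak_suites || echo "weak suites present"

# On the scanner host (needs GnuTLS tools and gsad, so left commented out):
#   certtool --generate-dh-params --bits 2048 --outfile "$DH_PARAMS"
#   gnutls-cli --list --priority "$PRIORITIES" | weak_suites
#   gsad --gnutls-priorities="$PRIORITIES" --dh-params="$DH_PARAMS"
```

A `no-pfs` line is informational: it marks suites that stay reachable for clients that cannot negotiate DHE or ECDHE, the trade-off raised in the thread.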