On 25.05.2014 12:51, Michael Meyer wrote:
> *** Reindl Harald wrote:
>> On 25.05.2014 12:38, Michael Meyer wrote:
>>> *** Reindl Harald wrote:
>>>
>>>> and pretty sure also can't test modern ciphers
>>>> on target systems using whatever software with OpenSSL
>>>
>>> Pretty sure isn't the same as knowing. You are again wrong
>>
>> how are you doing that if your own library does not support
>> it?
>
> We just don't use a library for the cipher check. See
> secpod_ssl_ciphers.inc to understand how it works.

the cipher check itself is only one piece

scanning a website offering only PFS and forcing encryption is just impossible, because you can't get any http-connection to try attacks against the web application behind

i have two internal sites here only allowing DHE/ECDHE because they are not publicly reachable, which does not mean securing them internally doesn't matter

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
