Hi, > How are such guessed services handled during an OpenVAS scan? They probably > needs an manual investigation with tools like sslscan?
ok should have a deeper look first. Seems most of the ssl/https services are replying with a: ssl_error_handshake_failure_alert when opening a browser connection to them. But the SSL cipher checks are still running and showing results as they are not using the Services/www but the ports. So it seems there is no chance that Nmap/OpenVAS can do more than checking for weak ciphers if the service is replying with an ssl_error_handshake_failure_alert. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
