Add the following to your invocation of openvasmd, openvassd, and gsad: --gnutls-priorities=SECURE128:-VERS-SSL3.0
________________________________________ From: Openvas-discuss [[email protected]] on behalf of Christiaan DeVries [[email protected]] Sent: Tuesday, April 21, 2015 7:04 AM To: [email protected] Subject: Re: [Openvas-discuss] Modifying the OpenVAS SSL config Hi all, Just coming back to this one, my system (OpenVAS7 on Fedora 20) still shows up as being prone to POODLE on port 9390 which belongs to openvasmd: [chris@openvas openvas]$ sudo lsof -i:9390 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME openvasmd 834 root 3u IPv4 23286 0t0 TCP *:otp (LISTEN) How can I permanently disable SSLv3 there? Regards, Christiaan de Vries w: +353 1 526 7736 | m: +353 860 234 384 | e: christiaan.devries @hetg.ie | www.DigitalPlanet.ie | www.hetg.ie HIBERNIA HOUSE | Cherrywood Business Park | Loughlinstown | Dublin 18 | Ireland Hibernia Services Ltd. is registered in Ireland, Company Registration No. 170309 © 2014 Digital Planet, part of the HiberniaEvros Technology Group -----Original Message----- From: Openvas-discuss [mailto:[email protected]] On Behalf Of Chris Sent: 08 December 2014 19:59 To: [email protected] Subject: Re: [Openvas-discuss] Modifying the OpenVAS SSL config Hi, > For example, the article shows: gsad > --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0" > However, in my limited understanding of POODLE, SSLv3 using CBC > ciphers are vulnerable to that MITM attack. SSLv3 is disabled via the: -VERS-SSL3.0 string. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ________________________________ This e-mail and any attachments are confidential. If it is not intended for you, please notify the sender, and please erase and ignore the contents. _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
