On 2015-05-17 14:28, if wrote:
Hi,

I am trying to write documentation on how to install and run OpenVAS 8
on Ubuntu 15.04.

Here is what I did until now:

1- Compiled library, client, manager, cli and GSA according to
instructions on INSTALL files and installed redis-server.

2- Generated relevant certificates and keys with openvas-mkcert

3- Added OpenVAS key (48DB4530) to trusted keys.
gpg --homedir=/usr/local/etc/openvas/gnupg --lsign-key 48DB4530

4- Added nasl_no_signature_check = no line to openvassd.conf file.

5- Updated NVT with openvas-nvt-sync.

6- Changed default redis.conf with the one OpenVAS provided and started
redis-server

cp /usr/local/share/doc/openvas-scanner/example_redis_2_6.conf /etc/redis/redis.conf
redis-server /etc/redis/redis.conf

7- Generated client certificate and key with openvas-mkcert-client -n -i

8- Created a user with admin role.

9- Started openvassd

When I run openvasmd --rebuild command, it fails with

lib  serv:WARNING:2015-05-17 13h11.49 utc:9362: Failed to shake hands
with peer: The TLS connection was non-properly terminated.

It seems that this warning is related to gnutls version according to
this[1] and this[2]. A user said[3] that the problem had disappeared
when he/she started to use gnutls 3.3.10-1 on Arch Linux.

On Ubuntu 15.04, libgnutls version is 3.3.8
LC_ALL=C apt-cache policy libgnutls-dev
libgnutls-dev:
  Installed: 3.3.8-3ubuntu3
  Candidate: 3.3.8-3ubuntu3
  Version table:
 *** 3.3.8-3ubuntu3 0
        500 http://archive.ubuntu.com/ubuntu/ vivid/main amd64 Packages
        100 /var/lib/dpkg/status

So, should I compile a newer (3.3.10) or an older (2.12) version of
libgnutls-dev or is there another way to solve this problem?

[1] http://lists.wald.intevation.org/pipermail/openvas-discuss/2014-June/006309.html
[2] https://wald.intevation.org/tracker/?func=detail&atid=220&aid=6572&group_id=29
[3] https://bugs.archlinux.org/task/42554


Yes, this is a bug in GnuTLS 3.3.8 that is fixed in 3.3.10. I have committed a fix in the maintenance branch to work around the issue. You can either update GnuTLS, grab openvas scanner + libraries code from OpenVAS 8 branch (or wait for the next maintenance release packages).

Best regards,

Hani.
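
Added example (not part of either message, and not OpenVAS project code): a shell check that reads `apt-cache policy` output like that quoted in the thread and reports whether the installed GnuTLS is older than 3.3.10, the release the reply names as fixed. The function names and the status strings are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; the sample text below is constructed from the thread.
FIXED_VERSION="3.3.10"   # release the reply names as containing the fix

# Read `apt-cache policy` text on stdin and print the upstream version of
# the installed package: "Installed: 3.3.8-3ubuntu3" -> "3.3.8".
installed_upstream_version() {
    awk '$1 == "Installed:" {
        v = $2
        sub(/^[0-9]+:/, "", v)   # drop a Debian epoch such as "1:"
        sub(/-[^-]*$/, "", v)    # drop the Debian revision "-3ubuntu3"
        print v
        exit
    }'
}

# version_lt A B: succeeds when A is strictly older than B. sort -V compares
# numerically per component, so 3.3.8 sorts before 3.3.10 (a plain string
# comparison would order them the other way round).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "below-fix VER", "at-or-above-fix VER" or "unknown".
gnutls_status() {
    ver=$(installed_upstream_version)
    if [ -z "$ver" ] || [ "$ver" = "(none)" ]; then
        echo "unknown"
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "below-fix $ver"
    else
        echo "at-or-above-fix $ver"
    fi
}

# Constructed sample input, copied from the output shown in the thread.
SAMPLE='libgnutls-dev:
  Installed: 3.3.8-3ubuntu3
  Candidate: 3.3.8-3ubuntu3'
printf '%s\n' "$SAMPLE" | gnutls_status
```

On a live system, pipe `LC_ALL=C apt-cache policy libgnutls-dev` into `gnutls_status` instead of the sample. The result reflects the upstream version string only, so a distribution package that carries a backported patch would still be reported as below the fixed release.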