You need to configure the gnutls-priority string for each daemon; now you have configured it only for gsad (Greenbone Security Assistant).
--
Eero

2015-10-20 15:07 GMT+03:00 Diego Gomes <[email protected]>:

> Hello,
>
> I used this command:
>
> gsad --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
>
> restarted openvas-manager, openvas-scanner, gsad
>
> Started scan against localhost and the same results:
>
> Check for SSL Weak Ciphers - tcp/9390 (6017/openvasmd)
> Deprecated SSLv2 and SSLv3 Protocol Detection - tcp/9390 (6017/openvasmd)
> POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability - tcp/9390 (6017/openvasmd)
>
> In the /var/log/openvas/gsad.log I see this message (not sure if it is because of my changes above)
>
> gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive data: The TLS connection was non-properly terminated.
> gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive data: The TLS connection was non-properly terminated.
> gsad main:WARNING:2015-10-20 09h55.48 BRST:6029: MHD: Error: received handshake message out of context
>
> ------------------------------
> Date: Mon, 19 Oct 2015 01:39:10 +0300
> Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> You need to install CentOS 7 to get OpenVAS 8. CentOS 6 is not supported due to old library version(s).
>
> I think OpenVAS 7 also supports gnu priority strings, but it is always wise to update to the latest version.
>
> --
> Eero
>
> 2015-10-19 1:36 GMT+03:00 Diego Gomes <[email protected]>:
>
> Thanks Eero,
>
> So, can I understand that I am running OpenVAS 7?
>
> And I understand that atomic team did not release OpenVAS 8, because I did not find any update yet.
>
> So, I need to wait for version 8 from atomic corp and use gnutls? I will need to study how to do it.
>
> Thanks,
>
> Diego
>
> ------------------------------
> Date: Mon, 19 Oct 2015 01:32:48 +0300
> Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> Well, update to OpenVAS 8 and then use GnuTLS priority strings to change SSL cipher settings.
>
> Eero
>
> 2015-10-19 1:28 GMT+03:00 Diego Gomes <[email protected]>:
>
> Hello,
>
> I ran against localhost and I found those vulnerabilities for tcp/9390 (openvasmd)
>
> - POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
> - Deprecated SSLv2 and SSLv3 Protocol Detection
> - Check for SSL Weak Ciphers
>
> My version is:
> rpm -qa |grep -i openvas
> openvas-manager-5.0.9-28.el6.art.x86_64
> openvas-scanner-4.0.6-19.el6.art.x86_64
> openvas-libraries-7.0.9-18.el6.art.x86_64
> openvas-1.0-17.el6.art.noarch
> openvas-cli-1.3.1-6.el6.art.x86_64
>
> How should we fix those 3 vulnerabilities?
>
> Thanks,
>
> Diego
>
> _______________________________________________
> Openvas-discuss mailing list
> [email protected]
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
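An added example, not part of the original thread or of OpenVAS: a small Python check that reads the process named in each finding (the `tcp/9390 (6017/openvasmd)` part) and reports which flagged daemon was started without its own priority string. The finding lines and `ps`-style lines are constructed from values in the thread; that openvasmd takes the same `--gnutls-priorities` option as gsad is assumed from the reply above.

```python
import re
import shlex

# Constructed sample input modelled on the thread: finding lines from the scan
# report and "PID ARGS" lines as `ps -eo pid,args` would print them.
FINDINGS = [
    "Check for SSL Weak Ciphers - tcp/9390 (6017/openvasmd)",
    "Deprecated SSLv2 and SSLv3 Protocol Detection - tcp/9390 (6017/openvasmd)",
    "POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability - tcp/9390 (6017/openvasmd)",
]
PS_LINES = [
    "6017 openvasmd",
    "6029 gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0",
]
FINDING_RE = re.compile(r"^(?P<name>.+?) - tcp/(?P<port>\d+) \((?P<pid>\d+)/(?P<proc>[\w.-]+)\)$")

def parse_findings(lines):
    """Group finding names by the (pid, process, port) they were reported on."""
    flagged = {}
    for line in lines:
        m = FINDING_RE.match(line.strip())
        if m:
            key = (int(m["pid"]), m["proc"], int(m["port"]))
            flagged.setdefault(key, []).append(m["name"])
    return flagged

def priorities_by_pid(ps_lines):
    """Return {pid: priority string, or None if the option is absent}."""
    prios = {}
    for line in ps_lines:
        pid, *argv = shlex.split(line)
        opts = [a.split("=", 1)[1] for a in argv if a.startswith("--gnutls-priorities=")]
        prios[int(pid)] = opts[-1] if opts else None
    return prios

def unhardened(findings, ps_lines, required=("-VERS-SSL3.0",)):
    """Flagged daemons whose own command line lacks the required removals.
    This is a textual check of the option, not an evaluation by GnuTLS."""
    prios = priorities_by_pid(ps_lines)
    report = []
    for (pid, proc, port), names in sorted(parse_findings(findings).items()):
        tokens = (prios.get(pid) or "").split(":")
        missing = [r for r in required if r not in tokens]
        if missing:
            report.append((proc, port, missing, names))
    return report

if __name__ == "__main__":
    print(unhardened(FINDINGS, PS_LINES))
```

On the sample data the only entry reported is openvasmd on port 9390, the daemon the findings name, while gsad (pid 6029) already carries the string. A clean result here only shows the option is set; a re-scan of the port is still what confirms the protocol is refused.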
