Eero, did you already do it? Sorry but, do you mean that I need to run like this?

openvasmd --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"
openvassd --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"

Thanks,
Diego

Date: Tue, 20 Oct 2015 15:15:14 +0300
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
From: [email protected]
To: [email protected]
CC: [email protected]

You need to configure gnutls-priority string for each daemon, now you just configured it for gsad (greenbone security assistant)

--Eero

2015-10-20 15:07 GMT+03:00 Diego Gomes <[email protected]>:

Hello,

I used this command:

gsad --gnutls-priorities="SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0"

restarted openvas-manager, openvas-scanner, gsad

Started scan against localhost and the same results:

Check for SSL Weak Ciphers - tcp/9390 (6017/openvasmd)
Deprecated SSLv2 and SSLv3 Protocol Detection - tcp/9390 (6017/openvasmd)
POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability - - tcp/9390 (6017/openvasmd)

In the /var/log/openvas/gsad.log I see this message (not sure if it is because of my changes above)

gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive data: The TLS connection was non-properly terminated.
gsad main:WARNING:2015-10-20 09h55.07 BRST:6029: MHD: Failed to receive data: The TLS connection was non-properly terminated.
gsad main:WARNING:2015-10-20 09h55.48 BRST:6029: MHD: Error: received handshake message out of context

Date: Mon, 19 Oct 2015 01:39:10 +0300
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
From: [email protected]
To: [email protected]
CC: [email protected]

You need to install centos 7 to get openvas 8. Centos 6 is not supported due to too old library version(s).

I think openvas 7 also supports gnu priority strings, but it is always wise to update to the latest version.

--Eero

2015-10-19 1:36 GMT+03:00 Diego Gomes <[email protected]>:

Thanks Eero,

So, can I understand that I am running openvas 7?
And I understand that atomic team did not release openvas 8, because I did not find any update yet.

So, I need to wait for version 8 from atomic corp and use gnutls? I will need to study how to do it.

Thanks,
Diego

Date: Mon, 19 Oct 2015 01:32:48 +0300
Subject: Re: [Openvas-discuss] Vulnerabilities OpenVAS
From: [email protected]
To: [email protected]
CC: [email protected]

well. update to openvas 8 and then use gnutls priority strings to change ssl cipher settings..

Eero

2015-10-19 1:28 GMT+03:00 Diego Gomes <[email protected]>:

Hello,

I ran against localhost and I found those Vulnerabilities for tcp/9390 (openvasmd)

- POODLE SSLv3 Protocol CBC ciphers Information Disclosure Vulnerability
- Deprecated SSLv2 and SSLv3 Protocol Detection
- Check for SSL Weak Ciphers

My version is:

rpm -qa |grep -i openvas
openvas-manager-5.0.9-28.el6.art.x86_64
openvas-scanner-4.0.6-19.el6.art.x86_64
openvas-libraries-7.0.9-18.el6.art.x86_64
openvas-1.0-17.el6.art.noarch
openvas-cli-1.3.1-6.el6.art.x86_64

How should we fix those 3 vulnerabilities?

Thanks,
Diego

_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
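The point made in the thread, that the priority string has to be set for each daemon and not only for gsad, can be checked mechanically. The script below is an added example, not part of the thread or of OpenVAS; it assumes all three daemons take `--gnutls-priorities` in the form shown in the messages, and the sample start commands (including the `/usr/sbin` paths) are constructed.

```shell
#!/bin/sh
# Audit daemon start commands for a --gnutls-priorities option that removes
# SSL3.0. Input on stdin: one start command per line, e.g. copied from the
# init scripts. Assumption: the option form is the one used in the thread.

DAEMONS="openvasmd openvassd gsad"

# Constructed sample mirroring the thread: only gsad has the full string.
SAMPLE='gsad --gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
/usr/sbin/openvasmd
/usr/sbin/openvassd --gnutls-priorities=SECURE128'

# audit_priorities: prints one verdict line per daemon in $DAEMONS.
audit_priorities() {
    lines=$(cat)
    for daemon in $DAEMONS; do
        # First command whose executable basename equals the daemon name.
        cmd=$(printf '%s\n' "$lines" | awk -v d="$daemon" '
            { n = split($1, p, "/"); if (p[n] == d) { print; exit } }')
        if [ -z "$cmd" ]; then
            echo "$daemon: no start command found"
            continue
        fi
        # Value of --gnutls-priorities=..., with or without surrounding quotes.
        prio=$(printf '%s\n' "$cmd" |
            sed -n 's/.*--gnutls-priorities="\{0,1\}\([^" ]*\).*/\1/p')
        # Wrap in colons so every token, first or last, is delimited.
        case ":$prio:" in
            "::")               echo "$daemon: no priority string" ;;
            *":-VERS-SSL3.0:"*) echo "$daemon: ok" ;;
            *)                  echo "$daemon: SSL3.0 not explicitly removed" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE" | audit_priorities
```

A daemon that passes this check should still be rescanned, since the script only inspects how the daemon is started, not what the listening port negotiates.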
