On Dienstag, 20. Oktober 2015, Reindl Harald wrote: > Am 20.10.2015 um 14:15 schrieb Eero Volotinen: > > You need to configure gnutls-priority string for each daemon, now you > > just configured it for gsad (greenbone security assistant) > > the main question remains why a vulnerability scanner complaining about > other services not at least starts with secure defaults itself without > user intervention
The local TLS installation defines the default regarded as secure. Overriding it by default by a application just creates other types of unwanted/surprising circumstances. For example a system or a system administrator might have decided to define a even stricter global /etc/gnutls/default-priorities. Then OpenVAS might silently downgrade the chosen security level if we set it to some value. I agree that either way (not using system default by default and using system default by default) shows disadvantages. But calling it "pervert" because we honor system default by default seems inadequate to me. -- Dr. Jan-Oliver Wagner | +49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
