Re: [Openvas-plugins] Seeing issues with SSL Detection

Veerendra Ganiger Fri, 19 Oct 2012 08:32:51 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,


Thank you for providing the report.

Attaching report of XXX.XX.100.15 (given host) for port 443, 993, 995
along with this mail.

NVT worked as expected for above port all the time.

But it was not working properly for port 465, when investigated found
that port is giving response as "Connection rate limit exceeded. "
This case is not handled properly in NVT leading to false positive.

Updated NVT to handle the above case properly, also improved the
detection mechanism.

NOTE : On port 465 updated NVT gives empty report or partial report, as
the problem exists at server side i.e Connection rate limit exceeded

Please take updated scripts (secpod_ssl_ciphers.nasl
secpod_ssl_ciphers.inc) from trunk and test once again.

NOTE : Results of both NVT and ssl-enum are exactly same.

Please let me know, still you are having some problem.


Thanks!
Veerendra

On Thursday 18 October 2012 09:05 PM, Stuart Sheldon wrote:
> Hi Veerendra,
> 
> This is off list. I've attached the scan settings and the scan results
> for XXX.XX.100.15. Here is the results of './ssl-enum -s XXX.XX.100.15
> -p 993 -v 2' from the OpenVAS server:
> 
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> 
> Here are the results of './ssl-enum -s XXX.XX.100.15 -p 443 -v 2':
> 
> HandshakeFailure
> HandshakeFailure
> 0x03  SSL3_RSA_RC4_40_MD5     SSL_EXPORT
> 0x06  SSL3_RSA_RC2_40_MD5     SSL_EXPORT
> 0x08  SSL3_RSA_DES_40_CBC_SHA SSL_EXPORT
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> 0x14  SSL3_EDH_RSA_DES_40_CBC_SHA     SSL_EXPORT
> 0x17  SSL3_ADH_RC4_40_MD5     SSL_EXPORT
> 0x19  SSL3_ADH_DES_40_CBC_SHA SSL_EXPORT
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> 0x03  TLS1_RSA_RC4_40_MD5     SSL_EXPORT
> 0x06  TLS1_RSA_RC2_40_MD5     SSL_EXPORT
> 0x08  TLS1_RSA_DES_40_CBC_SHA SSL_EXPORT
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> 0x14  TLS1_EDH_RSA_DES_40_CBC_SHA     SSL_EXPORT
> 0x17  TLS1_ADH_RC4_40_MD5     SSL_EXPORT
> 0x19  TLS1_ADH_DES_40_CBC_SHA SSL_EXPORT
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> HandshakeFailure
> 
> You are welcome to scan XXX.XX.100.15 to verify you are getting the same
> results as I am. If you need access to anything else, please let me know!
> 
> Stu
> 
> 
> 
> 
> On 10/18/2012 01:31 AM, Veerendra Ganiger wrote:
>> Hello
> 
>> Tested once again and it's able to detect supported ciphers and for Weak
>> Ciphers for SSLv2, SSLv3, TLSv1. Working as expected.
> 
>> Please have a look at below report.
> 
>> Scan using SSL-Enum (http://code.google.com/p/ssl-enum) and compare the
>> result against openvas report.
> 
>> If possible off-record from the list, please share IP to reproduce and
>> investigate the issue to my email id [email protected]
> 
> 
>> Reported by NVT "Check for SSL Weak Ciphers" (1.3.6.1.4.1.25623.1.0.103440):
> 
>> Server supports SSLv2 ciphers.
> 
>> Server supports SSLv3 ciphers.
> 
>> Server supports TLSv1 ciphers.
> 
>> Server supported ciphers are
>>   SSL2_RC4_128_MD5 : SSL_NOT_EXP
>>   SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT
>>   SSL2_RC2_CBC_128_CBC_WITH_MD5 : SSL_NOT_EXP
>>   SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT
>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>   SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>   SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP
>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>   SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>   SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>   SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>   SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>   SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>   TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>   TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP
>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>   TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>   TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>   TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>   TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>   TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
> 
>> Weak Ciphers
>>   SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT
>>   SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT
>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
> 
> 
>> Thanks!
>> Veerendra
> 
>> On Thursday 18 October 2012 03:25 AM, Stuart Sheldon wrote:
>>> Hi Veerendra,
> 
>>> Thank you so much for your help! I'm still not seeing anything on 443...
>>> I would expect it to fail with ssl2 enabled.
> 
>>> Here are the results of 993... I'm pretty sure none of the weak ciphers
>>> listed are running:
> 
>>> Server will not support SSLv2 Ciphers.
> 
>>> Server will not support SSLv3 Ciphers.
> 
>>> Server supports TLSv1 ciphers.
> 
>>> Server supported ciphers are
>>>   SSL3_NULL_NULL_NULL : SSL_EXPORT
>>>   SSL3_RSA_NULL_MD5 : SSL_NOT_EXP
>>>   SSL3_RSA_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>>   SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_IDEA_128_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_ADH_RC4_128_MD5 : SSL_NOT_EXP
>>>   SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_ADH_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_DES_192_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>   SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>   SSL3_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_KRB5_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP
>>>   SSL3_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP
>>>   SSL3_KRB5_RC4_128_MD5 : SSL_NOT_EXP
>>>   SSL3_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP
>>>   SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_KRB5_RC4_40_SHA : SSL_EXPORT
>>>   SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>   SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>   SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>   SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>   SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>   SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>   SSL3_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_NULL_NULL_NULL : SSL_EXPORT
>>>   TLS1_RSA_NULL_MD5 : SSL_NOT_EXP
>>>   TLS1_RSA_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>>   TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_IDEA_128_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_ADH_RC4_128_MD5 : SSL_NOT_EXP
>>>   TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_ADH_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_DES_192_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>   TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>   TLS1_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_KRB5_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP
>>>   TLS1_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP
>>>   TLS1_KRB5_RC4_128_MD5 : SSL_NOT_EXP
>>>   TLS1_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP
>>>   TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_KRB5_RC4_40_SHA : SSL_EXPORT
>>>   TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>   TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>   TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>   TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>   TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>   TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>   TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP :
>>>   TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
> 
>>> Weak Ciphers
>>>   SSL3_RSA_NULL_MD5 : SSL_NOT_EXP
>>>   SSL3_RSA_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_ADH_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>   SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>   SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_KRB5_RC4_40_SHA : SSL_EXPORT
>>>   SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>   SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>   SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>   SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>   SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>   SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_NULL_MD5 : SSL_NOT_EXP
>>>   TLS1_RSA_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_ADH_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>   TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>   TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_KRB5_RC4_40_SHA : SSL_EXPORT
>>>   TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>   TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>   TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>   TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>   TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>   TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>   TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>   TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
> 
>>> Stu
> 
> 
>>> On 10/17/2012 01:07 AM, Veerendra Ganiger wrote:
>>>> Hi Stuart,
> 
>>>> Thank you for reporting.
> 
>>>> According to below report, it listed week cipher list only. To get
>>>> supported cipher list please enable "List SSL Supported Ciphers" in the
>>>> preference (the plugin might take good amount of time to complete, it is
>>>> advised to increase the plugin timeout, if no results appear), so that
>>>> it can be compared with SSLSCAN which is listing supported ciphers.
> 
>>>> Please let us know, if you still find false positive.
>>>> If possible, try SSL-Enum as well http://code.google.com/p/ssl-enum
> 
>>>> In the below report it said "Server will not support SSLv3 Ciphers." but
>>>> it listed SSLv3 weak ciphers. It seems that message should not come. We
>>>> will investigate on this issue.
> 
>>>> If possible off-record from the list, please share IP to reproduce and
>>>> investigate the failure. my email id [email protected]
> 
>>>> NOTE: Make sure you have latest NVT's.
> 
> 
>>>> Thanks!
>>>> Veerendra
> 
>>>> On Tuesday 16 October 2012 01:40 AM, Stuart Sheldon wrote:
>>>>> Hi,
> 
>>>>> I'm getting false positives and negatives where there should be
>>>>> positives from:
> 
>>>>> NVT: Check for SSL Weak Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103440).
> 
>>>>> Problem may extend to:
> 
>>>>> NVT: Check for SSL Medium Ciphers (OID: 1.3.6.1.4.1.25623.1.0.902816)
> 
>>>>> False positives are registered on ports: 465, 993, 995 (dovecot and
>>>>> sendmail are running on target). Ironically, it does not detect any weak
>>>>> ciphers on https which was set to accept all.
> 
>>>>> Target is running Debian Squeeze. OpenVAS server is running the following:
> 
>>>>> Debian Wheezy
>>>>> Re-compiled openssl/libssl package with all ciphers and protocols
>>>>> enabled (1.0.0).
>>>>> NMap 6.01 compiled from source.
>>>>> OpenNAS release 5 compiled from source.
> 
>>>>> Target scan returns the following on ports 465, 993, 995:
> 
>>>>> ------ Start NVT Report Detail ---------
>>>>> Server will not support SSLv2 Ciphers.
> 
>>>>> Server will not support SSLv3 Ciphers.
> 
>>>>> Server supports TLSv1 ciphers.
> 
>>>>> Weak Ciphers
>>>>>   SSL3_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>>   SSL3_RSA_NULL_SHA : SSL_NOT_EXP
>>>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>>   SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>>   SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>>   SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>>   SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>>   SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>>   SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>>   SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>>   SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>>   SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>>   SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>>   TLS1_RSA_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>>   TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>>   TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>>   TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>>   TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>>   TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>>   TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>>   TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>>   TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>>   TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>   TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>   TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
> 
>>>>> ------ END NVT Report Detail ---------
> 
>>>>> sslscan returns for 465, 993, 995:
> 
>>>>> Supported Server Cipher(s):
>>>>>     Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
>>>>>     Accepted  SSLv3  256 bits  AES256-SHA
>>>>>     Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
>>>>>     Accepted  SSLv3  168 bits  DES-CBC3-SHA
>>>>>     Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
>>>>>     Accepted  SSLv3  128 bits  AES128-SHA
>>>>>     Accepted  SSLv3  128 bits  RC4-SHA
>>>>>     Accepted  SSLv3  128 bits  RC4-MD5
>>>>>     Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
>>>>>     Accepted  TLSv1  256 bits  AES256-SHA
>>>>>     Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
>>>>>     Accepted  TLSv1  168 bits  DES-CBC3-SHA
>>>>>     Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
>>>>>     Accepted  TLSv1  128 bits  AES128-SHA
>>>>>     Accepted  TLSv1  128 bits  RC4-SHA
>>>>>     Accepted  TLSv1  128 bits  RC4-MD5
> 
>>>>> Open SSL lib on OpenVAS Scanner Server:
> 
>>>>> root@watchdog:~# openssl ciphers -v 'ALL'
>>>>> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256)
>>>>> Mac=AEAD
>>>>> ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
>>>>> Enc=AESGCM(256) Mac=AEAD
>>>>> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  
>>>>> Mac=SHA384
>>>>> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)
>>>>> Mac=SHA384
>>>>> ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
>>>>> SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>> SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256)
>>>>> Mac=AEAD
>>>>> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256)
>>>>> Mac=AEAD
>>>>> DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  
>>>>> Mac=SHA256
>>>>> DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  
>>>>> Mac=SHA256
>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>> DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) 
>>>>> Mac=SHA1
>>>>> DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) 
>>>>> Mac=SHA1
>>>>> AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
>>>>> SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=None Enc=AES(256)  Mac=SHA1
>>>>> ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) 
>>>>> Mac=AEAD
>>>>> ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  
>>>>> Mac=SHA256
>>>>> ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
>>>>> ADH-CAMELLIA256-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(256) 
>>>>> Mac=SHA1
>>>>> ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256)
>>>>> Mac=AEAD
>>>>> ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
>>>>> Enc=AESGCM(256) Mac=AEAD
>>>>> ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)
>>>>> Mac=SHA384
>>>>> ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)
>>>>> Mac=SHA384
>>>>> ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
>>>>> ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  Mac=SHA1
>>>>> AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) 
>>>>> Mac=AEAD
>>>>> AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  
>>>>> Mac=SHA256
>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>> CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) 
>>>>> Mac=SHA1
>>>>> PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
>>>>> ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>> ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) Mac=SHA1
>>>>> SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
>>>>> SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>> EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>> EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
>>>>> AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
>>>>> SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=None Enc=3DES(168) Mac=SHA1
>>>>> ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
>>>>> ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
>>>>> ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
>>>>> DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>> DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
>>>>> PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
>>>>> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128)
>>>>> Mac=AEAD
>>>>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
>>>>> Enc=AESGCM(128) Mac=AEAD
>>>>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  
>>>>> Mac=SHA256
>>>>> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)
>>>>> Mac=SHA256
>>>>> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
>>>>> SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>> SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128)
>>>>> Mac=AEAD
>>>>> DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128)
>>>>> Mac=AEAD
>>>>> DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  
>>>>> Mac=SHA256
>>>>> DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  
>>>>> Mac=SHA256
>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>> DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
>>>>> DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
>>>>> DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) 
>>>>> Mac=SHA1
>>>>> DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) 
>>>>> Mac=SHA1
>>>>> AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
>>>>> SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=None Enc=AES(128)  Mac=SHA1
>>>>> ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) 
>>>>> Mac=AEAD
>>>>> ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  
>>>>> Mac=SHA256
>>>>> ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
>>>>> ADH-SEED-SHA            SSLv3 Kx=DH       Au=None Enc=SEED(128) Mac=SHA1
>>>>> ADH-CAMELLIA128-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(128) 
>>>>> Mac=SHA1
>>>>> ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128)
>>>>> Mac=AEAD
>>>>> ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
>>>>> Enc=AESGCM(128) Mac=AEAD
>>>>> ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)
>>>>> Mac=SHA256
>>>>> ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)
>>>>> Mac=SHA256
>>>>> ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
>>>>> ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  Mac=SHA1
>>>>> AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) 
>>>>> Mac=AEAD
>>>>> AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  
>>>>> Mac=SHA256
>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>> SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
>>>>> CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) 
>>>>> Mac=SHA1
>>>>> IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
>>>>> IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
>>>>> RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
>>>>> PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
>>>>> ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>> ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
>>>>> AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
>>>>> ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5
>>>>> ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
>>>>> ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  Mac=SHA1
>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>> PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
>>>>> EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
>>>>> EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
>>>>> ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)   Mac=SHA1
>>>>> DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
>>>>> DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
>>>>> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1
>>>>> export
>>>>> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1
>>>>> export
>>>>> EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)   Mac=SHA1
>>>>> export
>>>>> EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1
>>>>> export
>>>>> EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5
>>>>>  export
>>>>> EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5
>>>>>  export
>>>>> EXP-ADH-RC4-MD5         SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5
>>>>>  export
>>>>> EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5
>>>>>  export
>>>>> EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5
>>>>>  export
> 
>>>>> I'm out of ideas... Any help would be greatly appritiated.
> 
>>>>> Stuart Sheldon
> 
>>>>> _______________________________________________
>>>>> Openvas-plugins mailing list
>>>>> [email protected]
>>>>> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
> 
> 
> 
> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQgXKjAAoJEFdbOg70fJiaJlkIAIVvQz3fyT7ene02vWcs1LnR
guVg45UZtIbBNNgRJJ1qNPyidkpMMmpd53rHCPd1outkNqK5U0JFbP39TawCUJtw
ofMycJnGsbxN8Zq9AqXgA+DbNqW574hmmZsCvc5hBJWpNaqJGQHg9o2uSP5EF4py
UUkRt5NIBy9iqC2nHdrfF2OvDWGqtjsO/s9Bma3ltlHTdgB19xY1f0++4/bVdFrg
HmSnsjrVvns0uS/olHJMAoWqeFm6rZflFGOlyMZTfdKbBNlNf1eM3PmV4Bj9zU9R
pVx6mDTPdhvUXS/uB9s3mj1JjNRjImAlUZNJVV88tj/ESHNuR/xuTjPOClzaRz4=
=fb3g
-----END PGP SIGNATURE-----

Title: OpenVAS Scan Report

OpenVAS Scan Report

This report gives details on hosts that were tested and issues that were found. Please follow the recommended steps and procedures to eradicate these threats.

Scan Details
Hosts which were alive and responding during test	1
Number of security holes found	0
Number of security warnings found	1
Number of security notes found	0

Host List
Host(s)	Possible Issue
XXX.XX.100.15	Security warning(s) found

[ return to top ]

Analysis of Host
Address of Host	Port/Service	Issue regarding Port
XXX.XX.100.15	https (443/tcp)	Security warning(s) found
XXX.XX.100.15	general/tcp	No Information

Security Issues and Fixes: XXX.XX.100.15
Type	Port	Issue and Fix
Warning	https (443/tcp)	Server will not support SSLv2 Ciphers. Server supports SSLv3 ciphers. Server supports TLSv1 ciphers. Server supported ciphers are SSL3_RSA_RC4_40_MD5 : SSL_EXPORT SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP SSL3_RSA_RC2_40_MD5 : SSL_EXPORT SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP SSL3_ADH_RC4_40_MD5 : SSL_EXPORT SSL3_ADH_RC4_128_MD5 : SSL_NOT_EXP SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT SSL3_ADH_DES_64_CBC_SHA : SSL_NOT_EXP SSL3_ADH_DES_192_CBC_SHA : SSL_NOT_EXP SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP SSL3_ADH_WITH_AES_128_SHA : SSL_NOT_EXP SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP SSL3_ADH_WITH_AES_256_SHA : SSL_NOT_EXP TLS1_RSA_RC4_40_MD5 : SSL_EXPORT TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP TLS1_RSA_RC2_40_MD5 : SSL_EXPORT TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP TLS1_ADH_RC4_40_MD5 : SSL_EXPORT TLS1_ADH_RC4_128_MD5 : SSL_NOT_EXP TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT TLS1_ADH_DES_64_CBC_SHA : SSL_NOT_EXP TLS1_ADH_DES_192_CBC_SHA : SSL_NOT_EXP TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP TLS1_ADH_WITH_AES_128_SHA : SSL_NOT_EXP TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP TLS1_ADH_WITH_AES_256_SHA : SSL_NOT_EXP Weak Ciphers SSL3_RSA_RC4_40_MD5 : SSL_EXPORT SSL3_RSA_RC2_40_MD5 : SSL_EXPORT SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT SSL3_ADH_RC4_40_MD5 : SSL_EXPORT SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT TLS1_RSA_RC4_40_MD5 : SSL_EXPORT TLS1_RSA_RC2_40_MD5 : SSL_EXPORT TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT TLS1_ADH_RC4_40_MD5 : SSL_EXPORT TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT OpenVAS ID : 1.3.6.1.4.1.25623.1.0.103440

This file was generated by the OpenVAS security scanner.

Result on port 993 :
=====================
1350630557 1 SMTP/headers/To=postmaster@[XXX.XX.100.15]
1350630572 3 ftp/21/broken=1
1350630593 3 Launched/1.3.6.1.4.1.25623.1.0.900239=1
1350630593 1 TCP/PORTS=993
1350630593 1 Ports/open/tcp=993
1350630593 1 HostDetails=ports
1350630593 1 HostDetails/NVT/1.3.6.1.4.1.25623.1.0.900239/ports=993
1350630593 1 HostDetails=tcp_ports
1350630593 1 HostDetails/NVT=1.3.6.1.4.1.25623.1.0.900239
1350630593 1 HostDetails/NVT/1.3.6.1.4.1.25623.1.0.900239/tcp_ports=993
1350630593 1 SentData/1.3.6.1.4.1.25623.1.0.900239/LOG=Open TCP ports: 993
1350630593 3 Success/1.3.6.1.4.1.25623.1.0.900239=1
1350630593 3 Launched/1.3.6.1.4.1.25623.1.0.900234=1
1350630742 1 secpod_ssl_ciphers/993/report=Server supports SSLv2 
ciphers.\n\nServer supports SSLv3 ciphers.\n\nServer supports TLSv1 
ciphers.\n\nServer supported ciphers are \n  SSL3_RSA_RC4_128_MD5 : 
SSL_NOT_EXP\n  SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP\n  SSL3_RSA_DES_192_CBC3_SHA 
: SSL_NOT_EXP\n  SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP\n  
SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP\n  SSL3_RSA_WITH_AES_256_SHA : 
SSL_NOT_EXP\n  SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP\n  
TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP \n  TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP \n  
TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP \n  TLS1_EDH_RSA_DES_192_CBC3_SHA : 
SSL_NOT_EXP \n  TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP \n  
TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP \n  TLS1_DHE_RSA_WITH_AES_256_SHA : 
SSL_NOT_EXP \n\nNone of the weak ciphers are supported
1350630742 3 Launched/1.3.6.1.4.1.25623.1.0.103440=1

i.e 
====
secpod_ssl_ciphers/993/report

Server supports SSLv2 ciphers.

Server supports SSLv3 ciphers.

Server supports TLSv1 ciphers.

Server supported ciphers are 
SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP
SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP
SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP 
TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP 
TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP 
TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP 
TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP 
TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP 
TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP 

None of the weak ciphers are supported

Result on port 993 :
=====================
1350631052 1 SMTP/headers/To=postmaster@[XXX.XX.100.15]
1350631067 3 ftp/21/broken=1
1350631087 3 Launched/1.3.6.1.4.1.25623.1.0.900239=1
1350631087 1 TCP/PORTS=995
1350631087 1 Ports/open/tcp=995
1350631087 1 HostDetails=ports
1350631087 1 HostDetails/NVT/1.3.6.1.4.1.25623.1.0.900239/ports=995
1350631087 1 HostDetails=tcp_ports
1350631087 1 HostDetails/NVT=1.3.6.1.4.1.25623.1.0.900239
1350631087 1 HostDetails/NVT/1.3.6.1.4.1.25623.1.0.900239/tcp_ports=995
1350631087 1 SentData/1.3.6.1.4.1.25623.1.0.900239/LOG=Open TCP ports: 995
1350631087 3 Success/1.3.6.1.4.1.25623.1.0.900239=1
1350631087 3 Launched/1.3.6.1.4.1.25623.1.0.900234=1
1350631265 1 secpod_ssl_ciphers/995/report=Server supports SSLv2 
ciphers.\n\nServer supports SSLv3 ciphers.\n\nServer supports TLSv1 
ciphers.\n\nServer supported ciphers are \n  SSL3_RSA_RC4_128_MD5 : 
SSL_NOT_EXP\n  SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP\n  SSL3_RSA_DES_192_CBC3_SHA 
: SSL_NOT_EXP\n  SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP\n  
SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP\n  SSL3_RSA_WITH_AES_256_SHA : 
SSL_NOT_EXP\n  SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP\n  
TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP \n  TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP \n  
TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP \n  TLS1_EDH_RSA_DES_192_CBC3_SHA : 
SSL_NOT_EXP \n  TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP \n  
TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP \n  TLS1_DHE_RSA_WITH_AES_256_SHA : 
SSL_NOT_EXP \n\nNone of the weak ciphers are supported
1350631265 3 Launched/1.3.6.1.4.1.25623.1.0.103440=1

i.e 
====
secpod_ssl_ciphers/995/report

Server supports SSLv2 ciphers.

Server supports SSLv3 ciphers.

Server supports TLSv1 ciphers.

Server supported ciphers are 
SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP
SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP
SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP 
TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP 
TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP 
TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP 
TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP 
TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP 
TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP 

None of the weak ciphers are supported

_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins

Re: [Openvas-plugins] Seeing issues with SSL Detection

Reply via email to