[Pkg-openssl-devel] Bug#338006: Doesn't seem to fix the problems with Nessus
Javier Fernández-Sanguino Peña
jfs at computer.org
Sat Feb 11 21:35:07 UTC 2006

The latest OpenSSL version (0.9.8-6) does not seem to fix the problem with
Nessus, actually, it makes it work since now the workaround of using a
restricted set of ciphers no longer works either:

If you try to connect the Nessus client with the server you get this:

[26753] SSL_connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
nessus : SSL error

And using the standard OpenSSL client:

$ openssl s_client -connect localhost:1241 -ssl3 -CAfile \
/var/lib/nessus/CA/cacert.pem -bugs -no_ssl2
CONNECTED(00000003)
26745:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1057:SSL alert number 40
26745:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:534:

So it seems that the fix introduced a different behaviour [1], but it's still
broken.

Should be easy to reproduce, just install Nessus, make a certificate and try
to connect to the Nessus server...

:-(

Javier

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
In which the error was
SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
nessus : SSL error
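
An added example, not part of the original message: decoding the packed error codes quoted above with the layout used by OpenSSL releases before 3.0 separates alerts received from the peer from failures raised locally. The names `decode` and `triage` and the alert subset are this example's own.

```python
import re

# Error-code layout used by OpenSSL releases before 3.0 (ERR_PACK):
# 8 bits library | 12 bits function | 12 bits reason.
ERR_LIB_SSL = 20
# In the SSL library, reason = 1000 + alert number means the alert was
# received from the peer (SSL_AD_REASON_OFFSET in ssl.h).
SSL_AD_REASON_OFFSET = 1000

# Subset of SSLv3/TLS alert descriptions, enough for this triage.
ALERTS = {10: "unexpected_message", 20: "bad_record_mac",
          40: "handshake_failure", 42: "bad_certificate",
          47: "illegal_parameter"}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):[^:]*:(\w+):")

# Error lines copied from the message above (mail line wrapping kept).
SAMPLE = """\
[26753] SSL_connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure
26745:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:534:
SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad record mac
"""

def decode(code_hex):
    """Split a packed code into (library, function, reason, peer_alert)."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return lib, func, reason, alert

def triage(text):
    """Return (code, function name, origin) for every error string found."""
    findings = []
    # Rejoin lines that the mail client wrapped before matching.
    for code_hex, func_name in ERR_RE.findall(" ".join(text.split())):
        alert = decode(code_hex)[3]
        if alert is None:
            origin = "local failure"
        else:
            origin = "peer alert %d (%s)" % (alert, ALERTS.get(alert, "unknown"))
        findings.append((code_hex.upper(), func_name, origin))
    return findings

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="  ")
```

A "peer alert" origin means the other end of the connection rejected the handshake or record, so the server's log and configuration are the place to look next.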