[openvas-discuss] OpenVAS and OpenSSL

Jan-Oliver Wagner jan-oliver.wagner at intevation.de
Fri Jul 14 23:36:48 CEST 2006


Hello Thomas,

On Monday 29 May 2006 17:52, Thomas Reinke wrote:
> 2) Move to GNUTLS and disregard support for SSLv2.
>
>     On this front, the issue is that, for those not
>     aware, GNUTLS supports SSLv3 and TLSv1, but does NOT support
>     SSLv2.  Almost everyone using SSL supports SSLv3 and/or TLSv1.
>     Almost.  There are a very small number of servers out there that
>     do not. The SecuritySpace SSL server surveys show 446 servers
>     supporting ONLY SSLv2, out of a sample size of 250,110 servers.
>     The rest all supported SSLv3 and/or TLSv1.
>
>     This set of servers would not be testable via SSL.
>     If this minor subset of systems that support SSLv2 is
>     important enough to worry about, I'd suggest a script that
>     tested open ports that only supported SSLv2, and then flagged
>     said ports as being untestable (and further, something the
>     admin should be upgrading anyways).

Since I was a bit curious, I tried out how complicated it would
be to switch from openssl to gnutls.

In short: I got an openvasd running with gnutls. I can connect to it
via SSL and most things seem to work :-)

There are some things that don't work out of the box: the fetch tool
and the openvas-check-signature tool. Also some other things
I needed to switch off.

I applied the openssl compatibility layer for this test.

Best

	Jan
-- 
Jan-Oliver Wagner: www.intevation.de/~jan  | GISpatcher: www.gispatcher.de
Kolab Konsortium : www.kolab-konsortium.de | Thuban    : thuban.intevation.org
Intevation GmbH  : www.intevation.de       | Kolab     : www.kolab.org
FreeGIS          : www.freegis.org         | GAV       : www.grass-verein.de
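
The quoted suggestion, a script that flags ports supporting only SSLv2 as untestable, sketched as an added example; it is not part of either message and is not OpenVAS code. It assumes the scanner has already captured the first bytes a port returned to an SSLv2-format hello and to an SSLv3/TLS hello; the function names and sample bytes are constructed for illustration.

```python
import struct

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server returned to a hello probe."""
    if len(data) >= 5 and data[0] in (0x15, 0x16) and data[1] == 3:
        # SSLv3/TLS record header: type(1) major(1) minor(1) length(2)
        return "alert" if data[0] == 0x15 else "ssl3_tls"
    if len(data) >= 3 and data[0] & 0x80:
        # SSLv2 two-byte record header: high bit set, 15-bit body length
        length = ((data[0] & 0x7F) << 8) | data[1]
        body = data[2:2 + length]
        # SERVER-HELLO: type 4, session-id-hit, cert-type, version 0x0002
        if len(body) >= 5 and body[0] == 4 and body[3:5] == b"\x00\x02":
            return "ssl2"
    return "none"  # empty reply, plaintext banner, or unrecognised bytes

def port_verdict(reply_to_v2: bytes, reply_to_v3: bytes) -> str:
    """Combine both probe results into the flag the scanner would report."""
    speaks_v2 = classify_reply(reply_to_v2) == "ssl2"
    speaks_v3 = classify_reply(reply_to_v3) == "ssl3_tls"
    if speaks_v3:
        return "testable"
    if speaks_v2:
        return "untestable: SSLv2 only, upgrade recommended"
    return "no SSL detected"

# Constructed sample replies (not captured from any real server).
_body = (b"\x04\x00\x01\x00\x02"            # SERVER-HELLO, version 0x0002
         + struct.pack(">HHH", 0, 3, 16)    # cert, cipher-spec, conn-id lengths
         + b"\x01\x00\x80" + bytes(16))     # one cipher spec, zeroed conn id
SSL2_HELLO = struct.pack(">H", 0x8000 | len(_body)) + _body
SSL3_HELLO = b"\x16\x03\x00\x00\x2a\x02\x00\x00\x26\x03\x00"  # start of ServerHello
TLS_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"  # fatal handshake_failure

if __name__ == "__main__":
    print(port_verdict(SSL2_HELLO, TLS_ALERT))
    print(port_verdict(SSL2_HELLO, SSL3_HELLO))
    print(port_verdict(b"HTTP/1.1 400 Bad Request", b""))
```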