[openvas-discuss] OpenVAS and OpenSSL
jan-oliver.wagner at intevation.de
Fri Jul 14 23:36:48 CEST 2006
On Monday 29 May 2006 17:52, Thomas Reinke wrote:
> 2) Move to GNUTLS and disregard support for SSLv2.
> On this front, the issue is that, for those not
> aware, GNUTLS supports SSLv3 and TLSv1, but does NOT support
> SSLv2. Almost everyone using SSL supports SSLv3 and/or TLSv1.
> Almost. There are a very small number of servers out there that
> do not. The SecuritySpace SSL server surveys show 446 servers
> supporting ONLY SSLv2, out of a sample size of 250,110 servers.
> The rest all supported SSLv3 and/or TLSv1.
> This set of servers would not be testable via SSL.
> If this minor subset of systems that support SSLv2 is
> important enough to worry about, I'd suggest a script that
> tested open ports that only supported SSLv2, and then flagged
> said ports as being untestable (and further, something the
> admin should be upgrading anyways).

Since I was a bit curious, I tried out how complicated it will
be to switch from openssl to gnutls.
In short: I got an openvasd running with gnutls. I can connect to it
via SSL and most things seem to work :-)
There are some things that don't work out of the box: the fetch tool
and the openvas-check-signature tool. Also some other things
I needed to switch off.
I applied the openssl compatibility layer for this test.
Jan-Oliver Wagner: www.intevation.de/~jan | GISpatcher: www.gispatcher.de
Kolab Konsortium : www.kolab-konsortium.de | Thuban : thuban.intevation.org
Intevation GmbH : www.intevation.de | Kolab : www.kolab.org
FreeGIS : www.freegis.org | GAV : www.grass-verein.de
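
The check proposed in the quoted message (flag ports that answer only SSLv2 as untestable), as an added example that is not part of the original post or of OpenVAS: it classifies the first bytes a server sends back to an SSLv2 hello and to an SSLv3/TLSv1 hello. The function names, the probe layout and the sample replies are assumptions constructed for illustration.

```python
import struct

SSL2_MT_SERVER_HELLO = 4   # SSLv2 message type of SERVER-HELLO
TLS_HANDSHAKE = 0x16       # SSLv3/TLSv1 record content type "handshake"
TLS_SERVER_HELLO = 0x02    # handshake message type "ServerHello"
TLS_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1"}


def classify_reply(data: bytes) -> str:
    """Name the protocol of a server's first reply, or 'none'."""
    # SSLv3/TLSv1 record: type(1) major(1) minor(1) length(2), then handshake type.
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[5] == TLS_SERVER_HELLO:
        return TLS_VERSIONS.get((data[1], data[2]), "none")
    # SSLv2 record, 2-byte header form: high bit set, 15-bit length, then
    # msg-type(1) session-id-hit(1) cert-type(1) server-version(2) and 3 lengths.
    if len(data) >= 7 and data[0] & 0x80:
        length = ((data[0] & 0x7F) << 8) | data[1]
        version = struct.unpack(">H", data[5:7])[0]
        if length >= 11 and data[2] == SSL2_MT_SERVER_HELLO and version == 0x0002:
            return "SSLv2"
    return "none"


def untestable_ports(probes: dict) -> list:
    """probes maps port -> {"v2": reply to an SSLv2 hello, "v3": reply to an
    SSLv3/TLSv1 hello}. Returns ports that completed a hello only over SSLv2."""
    flagged = []
    for port, replies in sorted(probes.items()):
        v2 = classify_reply(replies.get("v2", b""))
        v3 = classify_reply(replies.get("v3", b""))
        if v2 == "SSLv2" and v3 == "none":
            flagged.append(port)
    return flagged


# Constructed sample replies (minimal, truncated records; not captured traffic).
ssl2_body = bytes([SSL2_MT_SERVER_HELLO, 0, 1]) + struct.pack(">HHHH", 2, 0, 0, 0)
SSL2_HELLO = struct.pack(">H", 0x8000 | len(ssl2_body)) + ssl2_body
TLS1_HELLO = bytes.fromhex("160301000402000000")
SSL3_HELLO = bytes.fromhex("160300000402000000")
SSL3_ALERT = bytes.fromhex("15030000020228")   # fatal handshake_failure

SAMPLE_PROBES = {
    443: {"v2": SSL2_HELLO, "v3": TLS1_HELLO},    # supports both: testable
    8443: {"v2": SSL2_HELLO, "v3": b""},          # connection closed on v3 hello
    993: {"v2": b"", "v3": SSL3_HELLO},           # SSLv3 only: testable
    9443: {"v2": SSL2_HELLO, "v3": SSL3_ALERT},   # v3 hello rejected with alert
}

if __name__ == "__main__":
    print("SSLv2-only, untestable via GnuTLS:", untestable_ports(SAMPLE_PROBES))
```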