[Openvas-discuss] OPENVASMD 9390/TCP Weak Ciphers

Jason Garin j_garin5 at yahoo.com
Tue May 27 21:54:27 CEST 2014

Are the --gnutls-priorities and --dhparams arguments available for v6. I know they are available for v5.

On Monday, May 26, 2014 5:38 AM, Reindl Harald <h.reindl at thelounge.net> wrote:

Am 26.05.2014 13:58, schrieb Hani Benhabiles:
> On 2014-05-26 12:07, Reindl Harald wrote:
> Because there is no such thing as "default" DH parameters to be used for 
> DHE by the server. Not with GnuTLS 2.x nor
> with GnuTLS 3.x...
> Don't trust me ?
> - Check openssl s_server's -dhparam
> - Check gnutls's --dhparams
> - Check nginx' ssl_dhparam configuration
> - Check openvpn's --dh
> etc,...

that must be why Apache can offer DHE for years without
specific configurations and even if it needs dh-params
it can be not that hard to generate them automatically

* dovecot can
* postfix can
* apache can

only GSA can't

[harry at rh:~]$ sslscan openvas | grep Accepted
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Accepted  TLS11  256 bits  AES256-SHA
    Accepted  TLS11  256 bits  CAMELLIA256-SHA
    Accepted  TLS11  168 bits  DES-CBC3-SHA
    Accepted  TLS11  128 bits  AES128-SHA
    Accepted  TLS11  128 bits  CAMELLIA128-SHA
    Accepted  TLS11  128 bits  RC4-SHA
    Accepted  TLS11  128 bits  RC4-MD5

Openvas-discuss mailing list
Openvas-discuss at wald.intevation.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20140527/f22fb8fc/attachment.html>

More information about the Openvas-discuss mailing list