Opened 19 years ago
Closed 19 years ago
#4335 closed defect (fixed)
BUG: nessus-core 2.2.4_1-client SSL error
| Reported by: | don.rugh@… | Owned by: | opendarwin.org@… |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 1.0 |
| Keywords: | Cc: | ||
| Port: |
Description
When attempting to connect from the nessus client to the server, the client displays the following error:
Error: [2102] SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
Mac OS X Server 10.4.2, Xserve The following ports are currently installed:
atk 1.9.1_0 (active) expat 1.95.8_1 (active) fontconfig 2.2.3_1 (active) freetype 2.1.9_1 (active) gd2 2.0.33_2 (active) gettext 0.14.3_1 (active) glib2 2.6.5_0 (active) gtk2 2.6.8_0+darwin_8 (active) jpeg 6b_1 (active) libiconv 1.9.2_1 (active) libnasl 2.2.4_0 (active) libpng 1.2.8_2+darwin_8 (active) nessus-core 2.2.4_1 (active) nessus-libraries 2.2.4_0 (active) nessus-plugins 2.2.4_0 (active) openssl 0.9.8_0 (active) pango 1.8.1_0 (active) pkgconfig 0.17.2_1 (active) render 0.8_2 (active) squid 2.5.STABLE10_1 (active) tiff 3.7.3_0 (active) wget 1.10_0 (active) Xft2 2.1.6_0 (active) xrender 0.8.4_0 (active) zlib 1.2.3_0 (active)
On another test system, a Mini, also running same OS, it nessus runs OK -- in fact, I can use an Xserve client to connect to the Mini's server, a Mini client to connect to the Xserve server -- it's just the Xserve client that will not connect to the Xserve server. On the Mini: The following ports are currently installed:
atk 1.9.0_0 (active) expat 1.95.8_1 (active) fontconfig 2.2.3_1 (active) freetype 2.1.9_1 (active) gd2 2.0.28_0 (active) gettext 0.14.3_1 (active) glib2 2.6.4_0 (active) gtk2 2.6.7_0+darwin_8 (active) jpeg 6b_0 (active) libiconv 1.9.2_1 (active) libnasl 2.2.4_0 (active) libpng 1.2.8_1 (active) lynx 2.8.5rel.2_0+ssl (active) nessus-core 2.2.4_0 (active) nessus-libraries 2.2.4_0 (active) nessus-plugins 2.2.4_0 (active) openssl 0.9.7g_0 (active) p5-crypt-des 2.03_0 (active) p5-digest-hmac 1.01_2 (active) p5-digest-sha1 2.10_0 (active) p5-net-snmp 5.0.1_0 (active) pango 1.8.0_0 (active) pcre 5.0_0 (active) perl5.8 5.8.6_1 (active) pkgconfig 0.17.2_0 (active) render 0.8_2 (active) snort 2.3.3_0 (active) squid 2.5.STABLE8_0 (active) tiff 3.7.1_0 (active) Xft2 2.1.6_0 (active) xrender 0.8.4_0 (active) zlib 1.2.2_1 (active)
Note the different versions of openssl and nessus-core -- dk if this is an issue or not. HELP!
Change History (3)
comment:1 Changed 19 years ago by toby@…
| severity: | blocker → normal |
|---|
comment:2 Changed 19 years ago by opendarwin.org@…
| Status: | new → assigned |
|---|
comment:3 Changed 19 years ago by opendarwin.org@…
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
added patches to add "ssl_version = sslv3" to auto-generated .nessusrc and nessusd.conf files
There's something wrong w/ TLSv1 between nessus, Mac OS X (at least 10.4.2), and OpenSSL 0.9.8 (at least). I've been (very slowly) hunting it out this week, nothing yet. As a work-around, you can set "ssl_version=sslv3" in ~/.nessusrc and the nessusd config file.