The latest OpenSSL version (0.9.8-6) does not seem to fix the problem with Nessus; actually, it makes it worse, since now the workaround of using a restricted set of ciphers no longer works either:
If you try to connect the Nessus client with the server you get this:
[26753] SSL_connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure
nessus : SSL error
And using the standard OpenSSL client:
$ openssl s_client -connect localhost:1241 -ssl3 -CAfile \
/var/lib/nessus/CA/cacert.pem -bugs -no_ssl2
CONNECTED(00000003)
26745:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1057:SSL alert number 40
26745:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:534:
So it seems that the fix introduced a different behaviour [1], but it's still
broken.
Should be easy to reproduce, just install Nessus, make a certificate and try
to connect to the Nessus server...
:-(
Javier
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343487
In which the error was
SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad record mac
nessus : SSL error
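The two failures quoted in this report differ only in the TLS alert the server sent back (handshake failure versus bad record MAC), which is buried in the packed hex code and in the "SSL alert number" suffix. The following added example is not part of the bug report or of Nessus/OpenSSL; it decodes OpenSSL 0.9.x/1.x-style error lines (lib | func | reason packed as 8 | 12 | 12 bits, with received alerts reported as reason 1000 + alert number), rejoins lines that a mail client wrapped, and cross-checks the decoded alert against the "SSL alert number" text. The sample log below is constructed from the lines in the report; the record-start patterns are an assumption about how such logs are laid out.

```python
import re

# TLS AlertDescription registry (RFC 5246, section 7.2). OpenSSL reports a
# received alert N as SSL reason code 1000 + N.
ALERT_NAMES = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 30: "decompression_failure",
    40: "handshake_failure", 41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    60: "export_restriction", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 90: "user_canceled", 100: "no_renegotiation",
    110: "unsupported_extension",
}

ERR_LIB_SSL = 20             # ERR_LIB_SSL in OpenSSL's err.h
SSL_AD_REASON_OFFSET = 1000  # reason codes for peer alerts are 1000 + alert

# error:<8 hex digits>:<lib name>:<function name>:<reason text>[:file:line:extra]
_ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*)")
_ALERT_NUM_RE = re.compile(r"SSL alert number (\d+)")
# Assumed record starts; any other line is treated as a wrapped continuation.
_RECORD_START = re.compile(r"^(\[\d+\] |\d+:error:|SSL_connect:|nessus ?:|CONNECTED|\$ )")

# Constructed sample: the lines from the report, wrapped as the mail shows them.
SAMPLE_LOG = """\
[26753] SSL_connect: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure
nessus : SSL error
CONNECTED(00000003)
26745:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1057:SSL alert number 40
26745:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:534:
SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert
bad record mac
"""


def unpack_code(code):
    """Split a packed OpenSSL 0.9.x/1.x error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def join_wrapped(text):
    """Rejoin physical lines that a mail client wrapped into one logical record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if records and not _RECORD_START.match(line):
            records[-1] += " " + line.strip()
        else:
            records.append(line.rstrip())
    return records


def parse_record(record):
    """Decode one record; return None if it carries no OpenSSL error code."""
    m = _ERR_RE.search(record)
    if not m:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = unpack_code(code)
    info = {
        "code": code, "lib": lib, "func": func, "reason": reason,
        "lib_name": m.group(2), "func_name": m.group(3),
        "reason_text": m.group(4).strip(),
        "alert": None, "alert_name": None, "alert_in_text": None, "consistent": True,
    }
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        info["alert"] = reason - SSL_AD_REASON_OFFSET
        info["alert_name"] = ALERT_NAMES.get(info["alert"], "unknown")
    a = _ALERT_NUM_RE.search(record)
    if a:
        info["alert_in_text"] = int(a.group(1))
        # The "SSL alert number" suffix must agree with the packed reason code.
        info["consistent"] = info["alert_in_text"] == info["alert"]
    return info


def diagnose(text):
    """Return decoded entries for every record in the log that has an error code."""
    return [p for p in (parse_record(r) for r in join_wrapped(text)) if p]


if __name__ == "__main__":
    for e in diagnose(SAMPLE_LOG):
        peer = f"peer alert {e['alert']} ({e['alert_name']})" if e["alert"] is not None else "local error"
        print(f"{e['code']:08X} {e['func_name']:<16} reason {e['reason']:<5} {peer}: {e['reason_text']}")
```

Running the block prints one decoded line per error record: both SSL3_READ_BYTES codes are peer alerts (40 handshake_failure for the new behaviour, 20 bad_record_mac for the earlier report), while 1409E0E5 is the client's own SSL_HANDSHAKE_FAILURE with no alert attached. The packing layout is the one OpenSSL used through 1.1.x; OpenSSL 3 dropped function codes from the packed value, so the func field decodes to 0 there.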