*** Simon Josefsson <[email protected]> wrote: > Michael Meyer <[email protected]> writes: > Identifying that with confidence requires access to the server to look > at the actual server system. Looking at logs and/or the binaries may > help.
There is a trial version available at http://www.oracle.com/technology/software/products/ias/htdocs/wls_main.html I have Oracle WebLogic Server 10.3 (also the trial version) running under a Microsoft Windows XP. > I don't think defaulting to insecure mode is a good idea. [...] > Using GnuTLS in known insecure modes just because there are broken > servers out there doesn't seem like a good idea. Then you might as well > not use TLS at all, and just use TCP? Let me explain. OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner. OpenVAS is a GPL fork of Nessus. I try to write a plugin for http://www.securityfocus.com/bid/37926 Normaly this is very simple. See http://intevydis.blogspot.com/2010/01/oracle-weblogic-1032-node-manager-fun.html For that a SSL connection is required. in NASL (Nessus Attack Scripting Language) it would look like (simplified): ,---| | port = 5556; | soc = open_sock_tcp(port, transport: ENCAPS_SSLv3); # or ENCAPS_SSLv23, ENCAPS_TLSv1 | | if(!soc) { | display("NO SOCKET\n\n"); | } else { | display("SOCKET OK\n\n"); | send(socket:soc, data: string("HELLO asdf\r\n")); | buf = recv(socket:soc, length: 512); | display("\n",buf,"\n\n"); | close(soc); | } `---| Result should be "+OK Node manager v10.3 started". I got always "NO SOCKET". With any kind of "transport". GnuTLS error at this point is: "A TLS fatal alert has been received". At this point, it's a problem, if GnuTLS (rather the NASL function open_sock_tcp() which is using GnuTLS) cant't connect to the remote service because of some problems (e.g. broken certificate, insecure cipher, ...) on the remote side. It means that I can not recognize the vulnerability. That's bad. ;) That's why i need - whenever humanly possible - a succesfull connection. In this case I'm not interested whether the connection is really secure. Micha _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
