Bingo! The openssl command below gave me enough info to see that there was a problem with my client cert. Creating a new client cert solved the problem.
Thanks!

----- Original Message -----
From: "George A. Theall" <[EMAIL PROTECTED]>
To: "Don Maxwell" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, December 17, 2002 5:00 PM
Subject: Re: Error: NTP/1.2

> On Tue, 17 Dec 2002, Don Maxwell wrote:
>
> > Connections from NessusWX 1.4.2 to nessusd 1.2.7 result in these messages:
> > Nessus Console [Version 1.4.2] Ready
> > SSL library initialized
> > Connecting to server nessushost (port 1241) using TLSv1 encrypted
> > connection...
> > SSL connection using DES-CBC3-SHA
> > ERROR: Server doesn't support NTP/1.2 protocol. Connection terminated.
> >
> > I "upgraded" last Friday to OpenSSL 9.6g, after which my Nessus activity was
> > fine. After a server reboot today, Nessus now fails with the error message
> > above. After a new OpenSSL upgrade, the server cert was accepted, so there
> > was some communication to start with.
>
> I haven't yet tried 1.2.7, but I suspect you have a problem with your
> certs. The specific error message you received indicates the NessusWX
> client managed to connect to the server and send the initial protocol
> request but didn't get anything back, likely because the server couldn't
> validate the client certification.
>
> Try using the OpenSSL s_client command to connect to your server; eg,
> "openssl s_client -connect yourhost:1241 -tls1 -cert
> cert_nessuswx_yourusername.pem -CAfile
> /usr/local/com/nessus/CA/cacert.pem" [adjust the filenames to match your
> setup]. You may wish to play around with the -debug and -verify options
> as well as use openssl's x509 command to examine your certificates.
>
>
> George
> --
> [EMAIL PROTECTED]
> - [EMAIL PROTECTED]: general discussions about Nessus.
* To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
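
Added example, not part of the original thread or of Nessus: a pre-flight check that examines a client certificate with openssl's x509 and verify commands before attempting the s_client connection suggested above. The helper names (check_client_cert, make_constructed_pki) and the throwaway test certificates are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on a client certificate (hypothetical helpers).

# check_client_cert CERT CAFILE
# Returns 0 if CERT chains to CAFILE and has not expired;
# 2 = not a readable certificate, 3 = expired, 4 = not signed by CAFILE.
check_client_cert() {
    local cert=$1 cafile=$2
    # Show who the certificate claims to be, who signed it, and its validity dates.
    openssl x509 -in "$cert" -noout -subject -issuer -dates || {
        echo "FAIL: $cert is not a readable X.509 certificate"; return 2; }
    # -checkend 0 exits non-zero if the certificate is already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "FAIL: $cert has expired"; return 3; }
    # Chain check against the CA file the server is configured to trust.
    openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1 || {
        echo "FAIL: $cert does not verify against $cafile"; return 4; }
    echo "OK: $cert verifies against $cafile"
}

# make_constructed_pki DIR
# Builds constructed, throwaway test material in DIR: a CA (ca.pem), a client
# cert signed by it (good.pem) and a self-signed cert it never signed (rogue.pem).
make_constructed_pki() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
        -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/good.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-rogue" \
        -keyout "$d/rogue.key" -out "$d/rogue.pem" 2>/dev/null
}

# Demo on constructed certificates: run this file with --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && make_constructed_pki "$tmp"
    check_client_cert "$tmp/good.pem" "$tmp/ca.pem"
    check_client_cert "$tmp/rogue.pem" "$tmp/ca.pem" || echo "(exit code $?)"
    rm -rf "$tmp"
fi
```

Against a real setup, pass the client certificate and CA file named in the s_client command above, adjusted to your own paths.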
