"Yoni - Shocksite" <[EMAIL PROTECTED]> writes:

> What is paranoi_level ?
> What are the possible setting ?

Read nessus-core/README_SSL

5.3. The client

The client has three "levels of paranoia" (see paranoia_level in .nessusrc)

1. The certificate hash is matched against what was previously stored in
   .nessusrc.cert
   If the certificate was modified (or is brand new), nessus will ask you
   if you accept it. Please read it *carefully* and answer "yes" or "no".
   If "no", the connection will be rejected. If "yes", the certificate
   SHA1 hash will be stored into .nessusrc.cert and nessus will never
   bother you again with it, EVEN WHEN THE CERTIFICATE BECOMES OUT OF DATE!

2. The certificate will be accepted IF AND ONLY IF it is signed by a
   trusted CA. In .nessusrc, trusted_ca should point to the right CA file.
   We rely entirely upon OpenSSL for all this, and the certificate will be
   rejected as soon as it is out of date, as far as I know.
   Use this level if you manage many servers.

3. The certificate MUST be accepted by OpenSSL first, i.e. be valid AND
   signed by a trusted CA. After that, the behaviour looks like level (1)
   This level is good for paranoid who manage several servers.

_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
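
The three levels from the README excerpt above, modelled as a decision function (an added example, not part of the original message and not Nessus code). The dict pin store keyed by server name and the `openssl_ok` boolean standing in for OpenSSL's verdict are assumptions; the certificate bytes are constructed.

```python
import hashlib
from enum import Enum

class Decision(Enum):
    ACCEPT = "accept"
    ASK_USER = "ask user"  # show the certificate, wait for yes/no
    REJECT = "reject"

def sha1_pin(cert_der: bytes) -> str:
    # The README says the certificate's SHA1 hash is what gets stored.
    return hashlib.sha1(cert_der).hexdigest()

def check_pin(cert_der, server, pins):
    # Level 1 behaviour: a known hash passes silently; a new or changed
    # certificate is put in front of the user.
    if pins.get(server) == sha1_pin(cert_der):
        return Decision.ACCEPT
    return Decision.ASK_USER

def record_answer(cert_der, server, pins, accepted):
    # "yes" stores the hash so the question is never asked again; "no" rejects.
    if not accepted:
        return Decision.REJECT
    pins[server] = sha1_pin(cert_der)
    return Decision.ACCEPT

def decide(level, cert_der, server, pins, openssl_ok):
    # openssl_ok (assumption): True when OpenSSL found the certificate valid
    # (in date) and signed by a CA from trusted_ca.
    if level == 1:
        return check_pin(cert_der, server, pins)  # validity never consulted
    if level == 2:
        return Decision.ACCEPT if openssl_ok else Decision.REJECT
    if level == 3:
        if not openssl_ok:
            return Decision.REJECT
        return check_pin(cert_der, server, pins)
    raise ValueError("paranoia_level must be 1, 2 or 3")

# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_A = b"constructed certificate A"
CERT_B = b"constructed certificate B"

if __name__ == "__main__":
    pins = {}
    record_answer(CERT_A, "scanner1", pins, accepted=True)
    for level in (1, 2, 3):  # CERT_A is pinned but has since expired
        print(level, decide(level, CERT_A, "scanner1", pins, openssl_ok=False))
```

With a pinned certificate that has since expired, level 1 still accepts while levels 2 and 3 reject, which is the caveat the README puts in capitals.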
