On Thu, Apr 15, 2004 at 01:32:58PM -0400, John Tannahill wrote:
> Can anyone summarise how this plugin is set up and how it works /
> dependencies etc. The reason for question:
> 
> Scan of http/https server (ssl is openssl):
> 
> 1. Scan with unknown nessus machine (3rd party) identifies weak ciphers (5
> strong ciphers and 2 weak ciphers) - the http/https server is configured
> with both more weak and strong ciphers than nessus picked up

If you have access (port 1241) to the remote Nessus machine, you can get
the version by reading your ~/.nessusrc (server_version).

> 
> 2. Rescan to check with Nessusd 2.0.1 on Mandrake Linux - this version of
> nessus does not have plugin - based on checking plugin info on nessus.org
> this plugin should be available in this version

Probably because OpenSSL is not installed at all - do a nessusd -d and
you'll see something about clear-text communication.

> 
> 3. Rescan to check with Nessusd 2.0.9 on Solaris - plugin is available but
> weak cipher problem not identified

Michel will probably reply, but there was a bug in the earlier versions
of this plugin where it would happily mix the ciphers the plugin itself
knows about with the ciphers offered by the remote site.


        
                                -- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
