Re: [Openvas-plugins] Seeing issues with SSL Detection

Stuart Sheldon Fri, 19 Oct 2012 18:14:45 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Veerendra,


I'm of the opinion that this is a setup problem on my side. I installed
to 12.04 Ubuntu and prebuilt packages off the site, and am still seeing
the same issue.

Is this a problem that may be an issue with the debian / ubuntu libraries?

I'm going to do additional testing, but at this point, I'm at a loss as
to what this issue is.

Stu


On 10/19/2012 08:32 AM, Veerendra Ganiger wrote:
> Hi,
> 
> Thank you for providing the report.
> 
> Attaching report of XXX.XX.100.15 (given host) for port 443, 993, 995
> along with this mail.
> 
> NVT worked as expected for above port all the time.
> 
> But it was not working properly for port 465, when investigated found
> that port is giving response as "Connection rate limit exceeded. "
> This case is not handled properly in NVT leading to false positive.
> 
> Updated NVT to handle the above case properly, also improved the
> detection mechanism.
> 
> NOTE : On port 465 updated NVT gives empty report or partial report, as
> the problem exists at server side i.e Connection rate limit exceeded
> 
> Please take updated scripts (secpod_ssl_ciphers.nasl
> secpod_ssl_ciphers.inc) from trunk and test once again.
> 
> NOTE : Results of both NVT and ssl-enum are exactly same.
> 
> Please let me know, still you are having some problem.
> 
> 
> Thanks!
> Veerendra
> 
> On Thursday 18 October 2012 09:05 PM, Stuart Sheldon wrote:
>> Hi Veerendra,
> 
>> This is off list. I've attached the scan settings and the scan results
>> for XXX.XX.100.15. Here is the results of './ssl-enum -s XXX.XX.100.15
>> -p 993 -v 2' from the OpenVAS server:
> 
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
> 
>> Here are the results of './ssl-enum -s XXX.XX.100.15 -p 443 -v 2':
> 
>> HandshakeFailure
>> HandshakeFailure
>> 0x03 SSL3_RSA_RC4_40_MD5     SSL_EXPORT
>> 0x06 SSL3_RSA_RC2_40_MD5     SSL_EXPORT
>> 0x08 SSL3_RSA_DES_40_CBC_SHA SSL_EXPORT
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> 0x14 SSL3_EDH_RSA_DES_40_CBC_SHA     SSL_EXPORT
>> 0x17 SSL3_ADH_RC4_40_MD5     SSL_EXPORT
>> 0x19 SSL3_ADH_DES_40_CBC_SHA SSL_EXPORT
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> 0x03 TLS1_RSA_RC4_40_MD5     SSL_EXPORT
>> 0x06 TLS1_RSA_RC2_40_MD5     SSL_EXPORT
>> 0x08 TLS1_RSA_DES_40_CBC_SHA SSL_EXPORT
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> 0x14 TLS1_EDH_RSA_DES_40_CBC_SHA     SSL_EXPORT
>> 0x17 TLS1_ADH_RC4_40_MD5     SSL_EXPORT
>> 0x19 TLS1_ADH_DES_40_CBC_SHA SSL_EXPORT
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
>> HandshakeFailure
> 
>> You are welcome to scan XXX.XX.100.15 to verify you are getting the same
>> results as I am. If you need access to anything else, please let me know!
> 
>> Stu
> 
> 
> 
> 
>> On 10/18/2012 01:31 AM, Veerendra Ganiger wrote:
>>> Hello
> 
>>> Tested once again and it's able to detect supported ciphers and for Weak
>>> Ciphers for SSLv2, SSLv3, TLSv1. Working as expected.
> 
>>> Please have a look at below report.
> 
>>> Scan using SSL-Enum (http://code.google.com/p/ssl-enum) and compare the
>>> result against openvas report.
> 
>>> If possible off-record from the list, please share IP to reproduce and
>>> investigate the issue to my email id [email protected]
> 
> 
>>> Reported by NVT "Check for SSL Weak Ciphers" (1.3.6.1.4.1.25623.1.0.103440):
> 
>>> Server supports SSLv2 ciphers.
> 
>>> Server supports SSLv3 ciphers.
> 
>>> Server supports TLSv1 ciphers.
> 
>>> Server supported ciphers are
>>>   SSL2_RC4_128_MD5 : SSL_NOT_EXP
>>>   SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT
>>>   SSL2_RC2_CBC_128_CBC_WITH_MD5 : SSL_NOT_EXP
>>>   SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT
>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>>   SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>>   TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>   TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>   TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>   TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
> 
>>> Weak Ciphers
>>>   SSL2_RC4_128_EXPORT40_WITH_MD5 : SSL_EXPORT
>>>   SSL2_RC2_CBC_128_CBC_EXPORT40_WITH_MD5 : SSL_EXPORT
>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
> 
> 
>>> Thanks!
>>> Veerendra
> 
>>> On Thursday 18 October 2012 03:25 AM, Stuart Sheldon wrote:
>>>> Hi Veerendra,
> 
>>>> Thank you so much for your help! I'm still not seeing anything on 443...
>>>> I would expect it to fail with ssl2 enabled.
> 
>>>> Here are the results of 993... I'm pretty sure none of the weak ciphers
>>>> listed are running:
> 
>>>> Server will not support SSLv2 Ciphers.
> 
>>>> Server will not support SSLv3 Ciphers.
> 
>>>> Server supports TLSv1 ciphers.
> 
>>>> Server supported ciphers are
>>>>   SSL3_NULL_NULL_NULL : SSL_EXPORT
>>>>   SSL3_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>   SSL3_RSA_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>>>   SSL3_RSA_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_IDEA_128_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>   SSL3_ADH_RC4_128_MD5 : SSL_NOT_EXP
>>>>   SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_ADH_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_DES_192_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>   SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>   SSL3_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_KRB5_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP
>>>>   SSL3_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP
>>>>   SSL3_KRB5_RC4_128_MD5 : SSL_NOT_EXP
>>>>   SSL3_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP
>>>>   SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>   SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>   SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>   SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>   SSL3_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>   SSL3_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_NULL_NULL_NULL : SSL_EXPORT
>>>>   TLS1_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>   TLS1_RSA_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_RC4_128_MD5 : SSL_NOT_EXP
>>>>   TLS1_RSA_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_IDEA_128_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_EDH_DSS_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_EDH_DSS_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_EDH_RSA_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_EDH_RSA_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>   TLS1_ADH_RC4_128_MD5 : SSL_NOT_EXP
>>>>   TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_ADH_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_DES_192_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>   TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>   TLS1_KRB5_DES_64_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_KRB5_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_KRB5_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_KRB5_IDEA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_KRB5_DES_64_CBC_MD5 : SSL_NOT_EXP
>>>>   TLS1_KRB5_DES_192_CBC3_MD5 : SSL_NOT_EXP
>>>>   TLS1_KRB5_RC4_128_MD5 : SSL_NOT_EXP
>>>>   TLS1_KRB5_IDEA_128_CBC_MD5 : SSL_NOT_EXP
>>>>   TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>   TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>   TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>   TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>   TLS1_DH_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_DSS_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_RSA_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_WITH_AES_128_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_DSS_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_RSA_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_WITH_AES_256_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_WITH_CAMELLIA_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>   TLS1_DHE_DSS_WITH_RC4_128_SHA : SSL_NOT_EXP :
>>>>   TLS1_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_WITH_CAMELLIA_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_ECDSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_RSA_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_RSA_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_RSA_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_RSA_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_anon_WITH_RC4_128_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_anon_WITH_DES_192_CBC3_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_anon_WITH_AES_128_CBC_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_anon_WITH_AES_256_CBC_SHA : SSL_NOT_EXP
> 
>>>> Weak Ciphers
>>>>   SSL3_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>   SSL3_RSA_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>   SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>   SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>   SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>   SSL3_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>   SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>   SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>   SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>   SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>   SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>   TLS1_RSA_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>   TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>   TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>   TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>   TLS1_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>   TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>   TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>   TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>   TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>   TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>   TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
> 
>>>> Stu
> 
> 
>>>> On 10/17/2012 01:07 AM, Veerendra Ganiger wrote:
>>>>> Hi Stuart,
> 
>>>>> Thank you for reporting.
> 
>>>>> According to below report, it listed week cipher list only. To get
>>>>> supported cipher list please enable "List SSL Supported Ciphers" in the
>>>>> preference (the plugin might take good amount of time to complete, it is
>>>>> advised to increase the plugin timeout, if no results appear), so that
>>>>> it can be compared with SSLSCAN which is listing supported ciphers.
> 
>>>>> Please let us know, if you still find false positive.
>>>>> If possible, try SSL-Enum as well http://code.google.com/p/ssl-enum
> 
>>>>> In the below report it said "Server will not support SSLv3 Ciphers." but
>>>>> it listed SSLv3 weak ciphers. It seems that message should not come. We
>>>>> will investigate on this issue.
> 
>>>>> If possible off-record from the list, please share IP to reproduce and
>>>>> investigate the failure. my email id [email protected]
> 
>>>>> NOTE: Make sure you have latest NVT's.
> 
> 
>>>>> Thanks!
>>>>> Veerendra
> 
>>>>> On Tuesday 16 October 2012 01:40 AM, Stuart Sheldon wrote:
>>>>>> Hi,
> 
>>>>>> I'm getting false positives and negatives where there should be
>>>>>> positives from:
> 
>>>>>> NVT: Check for SSL Weak Ciphers (OID: 1.3.6.1.4.1.25623.1.0.103440).
> 
>>>>>> Problem may extend to:
> 
>>>>>> NVT: Check for SSL Medium Ciphers (OID: 1.3.6.1.4.1.25623.1.0.902816)
> 
>>>>>> False positives are registered on ports: 465, 993, 995 (dovecot and
>>>>>> sendmail are running on target). Ironically, it does not detect any weak
>>>>>> ciphers on https which was set to accept all.
> 
>>>>>> Target is running Debian Squeeze. OpenVAS server is running the 
>>>>>> following:
> 
>>>>>> Debian Wheezy
>>>>>> Re-compiled openssl/libssl package with all ciphers and protocols
>>>>>> enabled (1.0.0).
>>>>>> NMap 6.01 compiled from source.
>>>>>> OpenNAS release 5 compiled from source.
> 
>>>>>> Target scan returns the following on ports 465, 993, 995:
> 
>>>>>> ------ Start NVT Report Detail ---------
>>>>>> Server will not support SSLv2 Ciphers.
> 
>>>>>> Server will not support SSLv3 Ciphers.
> 
>>>>>> Server supports TLSv1 ciphers.
> 
>>>>>> Weak Ciphers
>>>>>>   SSL3_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>>>   SSL3_RSA_NULL_SHA : SSL_NOT_EXP
>>>>>>   SSL3_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>>>   SSL3_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>>>   SSL3_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>>>   SSL3_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>>>   SSL3_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>>>   SSL3_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>>>   SSL3_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>>>   SSL3_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>>>   SSL3_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>>>   SSL3_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>>>   SSL3_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>>>   SSL3_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>>>   SSL3_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>>   SSL3_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>>>   SSL3_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   SSL3_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   SSL3_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   SSL3_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   SSL3_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   SSL3_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   SSL3_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   SSL3_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   SSL3_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   SSL3_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   SSL3_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_RSA_NULL_MD5 : SSL_NOT_EXP
>>>>>>   TLS1_RSA_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_RSA_RC4_40_MD5 : SSL_EXPORT
>>>>>>   TLS1_RSA_RC2_40_MD5 : SSL_EXPORT
>>>>>>   TLS1_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_DH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_DH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_EDH_DSS_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_EDH_RSA_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_ADH_RC4_40_MD5 : SSL_EXPORT
>>>>>>   TLS1_ADH_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_FZA_DMS_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_FZA_DMS_FZA_SHA : SSL_NOT_EXP
>>>>>>   TLS1_FZA_DMS_RC4_SHA : SSL_NOT_EXP
>>>>>>   TLS1_KRB5_DES_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_KRB5_RC2_40_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_KRB5_RC4_40_SHA : SSL_EXPORT
>>>>>>   TLS1_KRB5_DES_40_CBC_MD5 : SSL_EXPORT
>>>>>>   TLS1_KRB5_RC2_40_CBC_MD5 : SSL_EXPORT
>>>>>>   TLS1_KRB5_RC4_40_MD5 : SSL_EXPORT
>>>>>>   TLS1_RSA_EXPORT1024_WITH_RC4_56_MD5 : SSL_EXPORT
>>>>>>   TLS1_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 : SSL_EXPORT
>>>>>>   TLS1_RSA_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA : SSL_EXPORT
>>>>>>   TLS1_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA : SSL_EXPORT
>>>>>>   TLS1_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   TLS1_DH_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   TLS1_DH_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   TLS1_DHE_DSS_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   TLS1_DHE_RSA_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   TLS1_ADH_WITH_SEED_SHA : SSL_NOT_EXP
>>>>>>   TLS1_ECDH_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_ECDHE_ECDSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_ECDH_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_ECDHE_RSA_WITH_NULL_SHA : SSL_NOT_EXP
>>>>>>   TLS1_ECDH_anon_WITH_NULL_SHA : SSL_NOT_EXP
> 
>>>>>> ------ END NVT Report Detail ---------
> 
>>>>>> sslscan returns for 465, 993, 995:
> 
>>>>>> Supported Server Cipher(s):
>>>>>>     Accepted  SSLv3  256 bits  DHE-RSA-AES256-SHA
>>>>>>     Accepted  SSLv3  256 bits  AES256-SHA
>>>>>>     Accepted  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
>>>>>>     Accepted  SSLv3  168 bits  DES-CBC3-SHA
>>>>>>     Accepted  SSLv3  128 bits  DHE-RSA-AES128-SHA
>>>>>>     Accepted  SSLv3  128 bits  AES128-SHA
>>>>>>     Accepted  SSLv3  128 bits  RC4-SHA
>>>>>>     Accepted  SSLv3  128 bits  RC4-MD5
>>>>>>     Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
>>>>>>     Accepted  TLSv1  256 bits  AES256-SHA
>>>>>>     Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
>>>>>>     Accepted  TLSv1  168 bits  DES-CBC3-SHA
>>>>>>     Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
>>>>>>     Accepted  TLSv1  128 bits  AES128-SHA
>>>>>>     Accepted  TLSv1  128 bits  RC4-SHA
>>>>>>     Accepted  TLSv1  128 bits  RC4-MD5
> 
>>>>>> Open SSL lib on OpenVAS Scanner Server:
> 
>>>>>> root@watchdog:~# openssl ciphers -v 'ALL'
>>>>>> ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256)
>>>>>> Mac=AEAD
>>>>>> ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA
>>>>>> Enc=AESGCM(256) Mac=AEAD
>>>>>> ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  
>>>>>> Mac=SHA384
>>>>>> ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)
>>>>>> Mac=SHA384
>>>>>> ECDHE-RSA-AES256-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>> ECDHE-ECDSA-AES256-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
>>>>>> SRP-DSS-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>>> SRP-RSA-AES-256-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>> DHE-DSS-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(256)
>>>>>> Mac=AEAD
>>>>>> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256)
>>>>>> Mac=AEAD
>>>>>> DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  
>>>>>> Mac=SHA256
>>>>>> DHE-DSS-AES256-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(256)  
>>>>>> Mac=SHA256
>>>>>> DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>> DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
>>>>>> DHE-RSA-CAMELLIA256-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(256) 
>>>>>> Mac=SHA1
>>>>>> DHE-DSS-CAMELLIA256-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(256) 
>>>>>> Mac=SHA1
>>>>>> AECDH-AES256-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(256)  Mac=SHA1
>>>>>> SRP-AES-256-CBC-SHA     SSLv3 Kx=SRP      Au=None Enc=AES(256)  Mac=SHA1
>>>>>> ADH-AES256-GCM-SHA384   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(256) 
>>>>>> Mac=AEAD
>>>>>> ADH-AES256-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(256)  
>>>>>> Mac=SHA256
>>>>>> ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
>>>>>> ADH-CAMELLIA256-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(256) 
>>>>>> Mac=SHA1
>>>>>> ECDH-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(256)
>>>>>> Mac=AEAD
>>>>>> ECDH-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
>>>>>> Enc=AESGCM(256) Mac=AEAD
>>>>>> ECDH-RSA-AES256-SHA384  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)
>>>>>> Mac=SHA384
>>>>>> ECDH-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)
>>>>>> Mac=SHA384
>>>>>> ECDH-RSA-AES256-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(256)  Mac=SHA1
>>>>>> ECDH-ECDSA-AES256-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(256)  
>>>>>> Mac=SHA1
>>>>>> AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) 
>>>>>> Mac=AEAD
>>>>>> AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  
>>>>>> Mac=SHA256
>>>>>> AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
>>>>>> CAMELLIA256-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(256) 
>>>>>> Mac=SHA1
>>>>>> PSK-AES256-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(256)  Mac=SHA1
>>>>>> ECDHE-RSA-DES-CBC3-SHA  SSLv3 Kx=ECDH     Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>>> ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH     Au=ECDSA Enc=3DES(168) 
>>>>>> Mac=SHA1
>>>>>> SRP-DSS-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=3DES(168) Mac=SHA1
>>>>>> SRP-RSA-3DES-EDE-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>>> EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>>> EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
>>>>>> AECDH-DES-CBC3-SHA      SSLv3 Kx=ECDH     Au=None Enc=3DES(168) Mac=SHA1
>>>>>> SRP-3DES-EDE-CBC-SHA    SSLv3 Kx=SRP      Au=None Enc=3DES(168) Mac=SHA1
>>>>>> ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1
>>>>>> ECDH-RSA-DES-CBC3-SHA   SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
>>>>>> ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) 
>>>>>> Mac=SHA1
>>>>>> DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
>>>>>> DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
>>>>>> PSK-3DES-EDE-CBC-SHA    SSLv3 Kx=PSK      Au=PSK  Enc=3DES(168) Mac=SHA1
>>>>>> ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128)
>>>>>> Mac=AEAD
>>>>>> ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA
>>>>>> Enc=AESGCM(128) Mac=AEAD
>>>>>> ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  
>>>>>> Mac=SHA256
>>>>>> ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)
>>>>>> Mac=SHA256
>>>>>> ECDHE-RSA-AES128-SHA    SSLv3 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>> ECDHE-ECDSA-AES128-SHA  SSLv3 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
>>>>>> SRP-DSS-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>>> SRP-RSA-AES-128-CBC-SHA SSLv3 Kx=SRP      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>> DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128)
>>>>>> Mac=AEAD
>>>>>> DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128)
>>>>>> Mac=AEAD
>>>>>> DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  
>>>>>> Mac=SHA256
>>>>>> DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  
>>>>>> Mac=SHA256
>>>>>> DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>> DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
>>>>>> DHE-RSA-SEED-SHA        SSLv3 Kx=DH       Au=RSA  Enc=SEED(128) Mac=SHA1
>>>>>> DHE-DSS-SEED-SHA        SSLv3 Kx=DH       Au=DSS  Enc=SEED(128) Mac=SHA1
>>>>>> DHE-RSA-CAMELLIA128-SHA SSLv3 Kx=DH       Au=RSA  Enc=Camellia(128) 
>>>>>> Mac=SHA1
>>>>>> DHE-DSS-CAMELLIA128-SHA SSLv3 Kx=DH       Au=DSS  Enc=Camellia(128) 
>>>>>> Mac=SHA1
>>>>>> AECDH-AES128-SHA        SSLv3 Kx=ECDH     Au=None Enc=AES(128)  Mac=SHA1
>>>>>> SRP-AES-128-CBC-SHA     SSLv3 Kx=SRP      Au=None Enc=AES(128)  Mac=SHA1
>>>>>> ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) 
>>>>>> Mac=AEAD
>>>>>> ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  
>>>>>> Mac=SHA256
>>>>>> ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
>>>>>> ADH-SEED-SHA            SSLv3 Kx=DH       Au=None Enc=SEED(128) Mac=SHA1
>>>>>> ADH-CAMELLIA128-SHA     SSLv3 Kx=DH       Au=None Enc=Camellia(128) 
>>>>>> Mac=SHA1
>>>>>> ECDH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AESGCM(128)
>>>>>> Mac=AEAD
>>>>>> ECDH-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH
>>>>>> Enc=AESGCM(128) Mac=AEAD
>>>>>> ECDH-RSA-AES128-SHA256  TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)
>>>>>> Mac=SHA256
>>>>>> ECDH-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)
>>>>>> Mac=SHA256
>>>>>> ECDH-RSA-AES128-SHA     SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128)  Mac=SHA1
>>>>>> ECDH-ECDSA-AES128-SHA   SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=AES(128)  
>>>>>> Mac=SHA1
>>>>>> AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) 
>>>>>> Mac=AEAD
>>>>>> AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  
>>>>>> Mac=SHA256
>>>>>> AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
>>>>>> SEED-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=SEED(128) Mac=SHA1
>>>>>> CAMELLIA128-SHA         SSLv3 Kx=RSA      Au=RSA  Enc=Camellia(128) 
>>>>>> Mac=SHA1
>>>>>> IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
>>>>>> IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
>>>>>> RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
>>>>>> PSK-AES128-CBC-SHA      SSLv3 Kx=PSK      Au=PSK  Enc=AES(128)  Mac=SHA1
>>>>>> ECDHE-RSA-RC4-SHA       SSLv3 Kx=ECDH     Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>>> ECDHE-ECDSA-RC4-SHA     SSLv3 Kx=ECDH     Au=ECDSA Enc=RC4(128)  Mac=SHA1
>>>>>> AECDH-RC4-SHA           SSLv3 Kx=ECDH     Au=None Enc=RC4(128)  Mac=SHA1
>>>>>> ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5
>>>>>> ECDH-RSA-RC4-SHA        SSLv3 Kx=ECDH/RSA Au=ECDH Enc=RC4(128)  Mac=SHA1
>>>>>> ECDH-ECDSA-RC4-SHA      SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=RC4(128)  
>>>>>> Mac=SHA1
>>>>>> RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
>>>>>> RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>>> RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
>>>>>> PSK-RC4-SHA             SSLv3 Kx=PSK      Au=PSK  Enc=RC4(128)  Mac=SHA1
>>>>>> EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
>>>>>> EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
>>>>>> ADH-DES-CBC-SHA         SSLv3 Kx=DH       Au=None Enc=DES(56)   Mac=SHA1
>>>>>> DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
>>>>>> DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
>>>>>> EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1
>>>>>> export
>>>>>> EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1
>>>>>> export
>>>>>> EXP-ADH-DES-CBC-SHA     SSLv3 Kx=DH(512)  Au=None Enc=DES(40)   Mac=SHA1
>>>>>> export
>>>>>> EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1
>>>>>> export
>>>>>> EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5
>>>>>>  export
>>>>>> EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5
>>>>>>  export
>>>>>> EXP-ADH-RC4-MD5         SSLv3 Kx=DH(512)  Au=None Enc=RC4(40)   Mac=MD5
>>>>>>  export
>>>>>> EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5
>>>>>>  export
>>>>>> EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5
>>>>>>  export
> 
>>>>>> I'm out of ideas... Any help would be greatly appritiated.
> 
>>>>>> Stuart Sheldon
> 
>>>>>> _______________________________________________
>>>>>> Openvas-plugins mailing list
>>>>>> [email protected]
>>>>>> http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
> 
> 
> 
> 
> 
> 
> 

- -- 
"Sometimes you lie in bed at night, and you don't have a single thing to
worry about...That always worries me! "
              -- Charles M. Schulz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBCAAGBQJQgfr1AAoJEFKVLITDJSGSdEIQALqprBTPxJFiMEEb3ueBSPZD
gXsQKwZkuH3VImdVDqKHGC66KixcNzyp0FggEt9L8Pw1S2x3ZutuHFQolRYbcQMP
lTz3lhdFVNNjmwl06fpwuYWNQv+UZWOzI1WkHR/PjNN87zQcFpf2hIcca9B1y6l3
AMp8jNQFcD2ubvQU60ch1Tu3lcdcV5Yg3dUxVC23WunVbw3ruxY9KQdeKLukgjgf
wtfUOpizdahMkXRnFYNVXCki2wolmiX/60YcGUjd3RRJ2n4616bDEoxe3X1NZILq
HQg2vIzTMFc2/bNbr5gALPxdcwqgcRacLiyN5oMORzqlXVND5MKIu6bJo1dSuP/q
NX9UmRA/oy6rVfQaAlP5PJhnHPHWn9ajKgc0tpgk813VrmqWeNsD2KOWa8sUHyPH
/qPDv+E6f12vzACWinU6pAzEftjJxEV1RubbxZ3fhJRJGtQOVifIk7VWDAQNz7OI
an4RL1G5Zt/eNsTUawqHR/ktc8NcKiO2/o9ceoWIh8Anzk5oKd7/5PdMD0/X4AsT
wxZXwYNRBhXlSL09oIrS395ae9nFoK/TydPBGo3itnPT8DTUkDA3eWFcI2KMfjeK
WVnzwjspM73FExW5QoS8e95TEe0l/3ZxM5tOMR8WDdgOm0dDRaeP/9J0oSoLkgCh
EIhb0/E3yde322CKHwpQ
=p9up
-----END PGP SIGNATURE-----
_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins

Re: [Openvas-plugins] Seeing issues with SSL Detection

Reply via email to