Howdy,
To test the security of my proprietary HTTPS server, built with OpenSSL
library version 0.9.7d, I ran Nessus version 2.2 against it and it reported
the following alert (as issued by Nessus plug-in ID 11875, described at:
http://cgi.nessus.org/plugins/dump.php3?id=11875 ):
---
On Tue, Nov 30, 2004, Andrew Kraslavsky wrote:
> Howdy,
>
> To test the security of my proprietary HTTPS server, built with OpenSSL
> library version 0.9.7d, I ran Nessus version 2.2 against it and it reported
> the following alert (as issued by Nessus plug-in ID 11875, described at:
> http://
On Tue, Nov 30, 2004, Andrew Kraslavsky wrote:
> To test the security of my proprietary HTTPS server, built with OpenSSL
> library version 0.9.7d, I ran Nessus version 2.2 against it and it reported
> the following alert (as issued by Nessus plug-in ID 11875, described at:
> http://cgi.nessus.o
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7d?
Date: Tue, 30 Nov 2004 21:57:42 +0100
On Tue, Nov 30, 2004, Andrew Kraslavsky wrote:
> Howdy,
>
> To test the security of my proprietary HTTPS s
a way
as to be transparent to the application.
This is the specific area I am hoping to have clarified.
Thanks again,
- Andrew
From: George Theall <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7d
ic is faulty. If not, is there something I can do to make my server
behave better in its response?
Thanks,
- Andrew
From: "Andrew Kraslavsky" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Nessus security alert issued in error against OpenSSL v0.9.7
On Thu, Dec 02, 2004 at 09:36:57PM -0800, Andrew Kraslavsky wrote:
> My revised question is, do you have any idea why the server bothers to put
> the Server Hello and Certificate records into the response only to follow
> them with a fatal error? Is this the expected behavior?
I don't know --