
List:       openvas-discuss
Subject:    Re: [Openvas-discuss] OPENVASMD 9390/TCP Weak Ciphers
From:       Jason Garin <j_garin5 () yahoo ! com>
Date:       2014-05-27 19:54:27
Message-ID: 1401220467.58992.YahooMailNeo () web161303 ! mail ! bf1 ! yahoo ! com

Are the --gnutls-priorities and --dhparams arguments available for v6? I know they are available for v5.



On Monday, May 26, 2014 5:38 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
 



On 26.05.2014 13:58, Hani Benhabiles wrote:
> On 2014-05-26 12:07, Reindl Harald wrote:
>
> Because there is no such thing as "default" DH parameters to be used for
> DHE by the server. Not with GnuTLS 2.x nor with GnuTLS 3.x...
>
> Don't trust me?
> - Check openssl s_server's -dhparam
> - Check gnutls's --dhparams
> - Check nginx' ssl_dhparam configuration
> - Check openvpn's --dh
> etc,...

that must be why Apache can offer DHE for years without
specific configurations and even if it needs dh-params
it cannot be that hard to generate them automatically

* dovecot can
* postfix can
* apache can

only GSA can't

[harry@rh:~]$ sslscan openvas | grep Accepted
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Accepted  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  128 bits  CAMELLIA128-SHA
    Accepted  TLSv1  128 bits  RC4-SHA
    Accepted  TLSv1  128 bits  RC4-MD5
    Accepted  TLS11  256 bits  AES256-SHA
    Accepted  TLS11  256 bits  CAMELLIA256-SHA
    Accepted  TLS11  168 bits  DES-CBC3-SHA
    Accepted  TLS11  128 bits  AES128-SHA
    Accepted  TLS11  128 bits  CAMELLIA128-SHA
    Accepted  TLS11  128 bits  RC4-SHA
    Accepted  TLS11  128 bits  RC4-MD5

_______________________________________________
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
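
Added example (not part of the original thread or of OpenVAS): a small Python audit of sslscan "Accepted" lines like those quoted above, flagging obsolete protocols and weak ciphers and reporting whether any DHE/ECDHE suite is offered at all, which is the point the DH-parameter discussion turns on. The sample input is constructed, and the weakness rules and OpenSSL-style name prefixes are assumptions of this example.

```python
import re

# Constructed sample in the sslscan "Accepted" format quoted in the message above.
SAMPLE = """\
    Accepted  SSLv3  128 bits  RC4-MD5
    Accepted  TLSv1  256 bits  CAMELLIA256-SHA
    Accepted  TLS11  168 bits  DES-CBC3-SHA
    Accepted  TLS11  128 bits  AES128-SHA
"""

LINE = re.compile(r"^\s*Accepted\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")
# Assumption: OpenSSL-style suite names for TLS 1.2 and older, where an
# ephemeral key exchange shows up as a DHE-/EDH-/ECDHE- prefix.
FS_PREFIXES = ("DHE-", "EDH-", "ECDHE-")


def parse(text):
    """Return (protocol, key_bits, cipher) for every 'Accepted' line."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), m.group(3)))
    return rows


def findings(proto, bits, cipher):
    """List the weaknesses of one accepted protocol/cipher pair."""
    out = []
    if proto.upper().startswith("SSLV"):
        out.append("obsolete protocol")
    if "RC4" in cipher:
        out.append("RC4")
    if cipher.endswith("-MD5"):
        out.append("MD5 MAC")
    if "DES" in cipher:  # matches DES-CBC3-SHA (3DES) and single DES
        out.append("DES/3DES")
    if bits < 128 or "EXP" in cipher or "NULL" in cipher:
        out.append("export/null/short key")
    if not cipher.startswith(FS_PREFIXES):
        out.append("no forward secrecy")
    return out


def audit(text):
    """Map 'proto cipher' to its findings and say if any DHE/ECDHE suite is offered."""
    rows = parse(text)
    report = {f"{p} {c}": findings(p, b, c) for p, b, c in rows}
    return report, any(c.startswith(FS_PREFIXES) for _, _, c in rows)


if __name__ == "__main__":
    report, has_fs = audit(SAMPLE)
    for suite, issues in report.items():
        print(f"{suite:24} {', '.join(issues) or 'ok'}")
    print("forward-secret suite offered:", has_fs)
```

Re-running the same audit after changing the daemon's TLS settings gives a before/after comparison of what the listener still accepts.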