Opened 19 years ago

Closed 18 years ago

#4335 closed defect (fixed)

BUG: nessus-core 2.2.4_1-client SSL error

Reported by: don.rugh@… Owned by: opendarwin.org@…
Priority: Normal Milestone:
Component: ports Version: 1.0
Keywords: Cc:
Port:

Description

When attempting to connect from the nessus client to the server, the client displays the following error:

Error: [2102] SSL_connect: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac

Mac OS X Server 10.4.2, Xserve The following ports are currently installed:

atk 1.9.1_0 (active) expat 1.95.8_1 (active) fontconfig 2.2.3_1 (active) freetype 2.1.9_1 (active) gd2 2.0.33_2 (active) gettext 0.14.3_1 (active) glib2 2.6.5_0 (active) gtk2 2.6.8_0+darwin_8 (active) jpeg 6b_1 (active) libiconv 1.9.2_1 (active) libnasl 2.2.4_0 (active) libpng 1.2.8_2+darwin_8 (active) nessus-core 2.2.4_1 (active) nessus-libraries 2.2.4_0 (active) nessus-plugins 2.2.4_0 (active) openssl 0.9.8_0 (active) pango 1.8.1_0 (active) pkgconfig 0.17.2_1 (active) render 0.8_2 (active) squid 2.5.STABLE10_1 (active) tiff 3.7.3_0 (active) wget 1.10_0 (active) Xft2 2.1.6_0 (active) xrender 0.8.4_0 (active) zlib 1.2.3_0 (active)

On another test system, a Mini, also running same OS, it nessus runs OK -- in fact, I can use an Xserve client to connect to the Mini's server, a Mini client to connect to the Xserve server -- it's just the Xserve client that will not connect to the Xserve server. On the Mini: The following ports are currently installed:

atk 1.9.0_0 (active) expat 1.95.8_1 (active) fontconfig 2.2.3_1 (active) freetype 2.1.9_1 (active) gd2 2.0.28_0 (active) gettext 0.14.3_1 (active) glib2 2.6.4_0 (active) gtk2 2.6.7_0+darwin_8 (active) jpeg 6b_0 (active) libiconv 1.9.2_1 (active) libnasl 2.2.4_0 (active) libpng 1.2.8_1 (active) lynx 2.8.5rel.2_0+ssl (active) nessus-core 2.2.4_0 (active) nessus-libraries 2.2.4_0 (active) nessus-plugins 2.2.4_0 (active) openssl 0.9.7g_0 (active) p5-crypt-des 2.03_0 (active) p5-digest-hmac 1.01_2 (active) p5-digest-sha1 2.10_0 (active) p5-net-snmp 5.0.1_0 (active) pango 1.8.0_0 (active) pcre 5.0_0 (active) perl5.8 5.8.6_1 (active) pkgconfig 0.17.2_0 (active) render 0.8_2 (active) snort 2.3.3_0 (active) squid 2.5.STABLE8_0 (active) tiff 3.7.1_0 (active) Xft2 2.1.6_0 (active) xrender 0.8.4_0 (active) zlib 1.2.2_1 (active)

Note the different versions of openssl and nessus-core -- dk if this is an issue or not. HELP!

Change History (3)

comment:1 Changed 19 years ago by toby@…

severity: blockernormal

comment:2 Changed 19 years ago by opendarwin.org@…

Status: newassigned

There's something wrong w/ TLSv1 between nessus, Mac OS X (at least 10.4.2), and OpenSSL 0.9.8 (at least). I've been (very slowly) hunting it out this week, nothing yet. As a work-around, you can set "ssl_version=sslv3" in ~/.nessusrc and the nessusd config file.

comment:3 Changed 18 years ago by opendarwin.org@…

Resolution: fixed
Status: assignedclosed

added patches to add "ssl_version = sslv3" to auto-generated .nessusrc and nessusd.conf files

Note: See TracTickets for help on using tickets.