On Wed, Dec 28, 2005 at 03:12:44AM -0800, Steve Langasek wrote:
>=20
> > Since there is no libssl097-dev any longer I guess I'll have to recompi=
le all
> > packages.
>=20
> It should actually be possible to fix this with binNMUs on the autobuilde=
rs,
> I think. I'll go ahead and queue those now.
Please don't. The libssl 0.9.8 does *not* work when using Nessus, I've just
recompiled all packages (libnasl, nessus-plugins and nessus-core) to try to
get it working and I still get this:
[19131] SSL_connect: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac
nessus : SSL error
When trying to connect the nessus client against the server (all using
0.9.8). This seems to have happened to people using nessus in Debian or Mac
OS X and building Nessus from sources with OpenSSL 0.9.8
See:
> > Did I miss some mail to d-d-a about the OpenSSL transition?
>=20
> No, there hasn't been any mail to d-d-a about it. Since libssl0.9.7 still
> exists, and libssl-dev was moved to version 0.9.8, this was expected to b=
e a
> rather "soft" transition; and it has been, except for the aforementioned =
bug
> in libssl0.9.8 giving the "bad mac" error.
Well, the above error might be an issue with 0.9.8 which might not make this
transition smooth for Nessus. I'm not sure if this is a Nessus or an OpenS=
SL
issue. The same error message seems to have appeared in OpenSSL's discussion
list in the past (but not recently)
> Anyway, rebuilding libnasl2 against libssl0.9.8 won't make anything worse
> here, AFAICT.
Yes, but it seems that it's a no go, as it will not work (just tested).
Regards
Javier
--W/nzBZO5zC0uMSeA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
Message-ID: <email address hidden> 1?Q?Fern= E1ndez- Sanguino_ Pe=F1a? = <email address hidden>
Date: Wed, 28 Dec 2005 12:30:53 +0100
From: Javier =?iso-8859-
To: Steve Langasek <email address hidden>, <email address hidden>
Subject: Re: Bug#343487: nessusd: cannot connect to 2.2.5-3 server
--W/nzBZO5zC0uMSeA Disposition: inline Transfer- Encoding: quoted-printable
Content-Type: text/plain; charset=us-ascii
Content-
Content-
On Wed, Dec 28, 2005 at 03:12:44AM -0800, Steve Langasek wrote:
>=20
> > Since there is no libssl097-dev any longer I guess I'll have to recompi=
le all
> > packages.
>=20
> It should actually be possible to fix this with binNMUs on the autobuilde=
rs,
> I think. I'll go ahead and queue those now.
Please don't. The libssl 0.9.8 does *not* work when using Nessus, I've just
recompiled all packages (libnasl, nessus-plugins and nessus-core) to try to
get it working and I still get this:
[19131] SSL_connect: error:1408F455:SSL routines: SSL3_GET_ RECORD: decryption
failed or bad record mac
nessus : SSL error
When trying to connect the nessus client against the server (all using
0.9.8). This seems to have happened to people using nessus in Debian or Mac
OS X and building Nessus from sources with OpenSSL 0.9.8
See:
http:// mail.nessus. org/pipermail/ nessus/ 2005-November/ msg00206. html mail.nessus. org/pipermail/ nessus/ 2005-November/ msg00013. html archives. free.net. ph/message/ 20051212. 082941. 2fe85e3f. en.html mail.nessus. org/pipermail/ nessus/ 2005-October/ msg00297. html
http://
http://
http://
It seems it is only fixed when using openssl 0.9.7: mail.nessus. org/pipermail/ nessus/ 2005-November/ msg00213. html
http://
> > Did I miss some mail to d-d-a about the OpenSSL transition?
>=20
> No, there hasn't been any mail to d-d-a about it. Since libssl0.9.7 still
> exists, and libssl-dev was moved to version 0.9.8, this was expected to b=
e a
> rather "soft" transition; and it has been, except for the aforementioned =
bug
> in libssl0.9.8 giving the "bad mac" error.
Well, the above error might be an issue with 0.9.8 which might not make this
transition smooth for Nessus. I'm not sure if this is a Nessus or an OpenS=
SL
issue. The same error message seems to have appeared in OpenSSL's discussion
list in the past (but not recently)
> Anyway, rebuilding libnasl2 against libssl0.9.8 won't make anything worse
> here, AFAICT.
Yes, but it seems that it's a no go, as it will not work (just tested).
Regards
Javier
--W/nzBZO5zC0uMSeA pgp-signature; name="signature .asc" Description: Digital signature Disposition: inline
Content-Type: application/
Content-
Content-
-----BEGIN PGP SIGNATURE-----
dgtyBSwkRAnVAAJ 9AMi8nWpQOy7YG5 vTinT9981NhGACe Jzge bIdpWKuU=
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDsndtsan
Y1aJoXY2TNFn0iE
=1FVg
-----END PGP SIGNATURE-----
--W/nzBZO5zC0uM SeA--