Ubuntu
nessus-core package

  1. Bug #27698
  2. Comment #31

Comment 31 for bug 27698

Revision history for this message
Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 28 Dec 2005 12:30:53 +0100
From: Javier =?iso-8859-1?Q?Fern=E1ndez-Sanguino_Pe=F1a?= <email address hidden>
To: Steve Langasek <email address hidden>, <email address hidden>
Subject: Re: Bug#343487: nessusd: cannot connect to 2.2.5-3 server

--W/nzBZO5zC0uMSeA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Dec 28, 2005 at 03:12:44AM -0800, Steve Langasek wrote:
>=20
> > Since there is no libssl097-dev any longer I guess I'll have to recompi=
 le all
> > packages.
>=20
> It should actually be possible to fix this with binNMUs on the autobuilde=
 rs,
> I think. I'll go ahead and queue those now.

Please don't. The libssl 0.9.8 does *not* work when using Nessus, I've just
recompiled all packages (libnasl, nessus-plugins and nessus-core) to try to
get it working and I still get this:

[19131] SSL_connect: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac
nessus : SSL error

When trying to connect the nessus client against the server (all using
0.9.8). This seems to have happened to people using nessus in Debian or Mac
OS X and building Nessus from sources with OpenSSL 0.9.8
See:

http://mail.nessus.org/pipermail/nessus/2005-November/msg00206.html
http://mail.nessus.org/pipermail/nessus/2005-November/msg00013.html
http://archives.free.net.ph/message/20051212.082941.2fe85e3f.en.html
http://mail.nessus.org/pipermail/nessus/2005-October/msg00297.html

It seems it is only fixed when using openssl 0.9.7:
http://mail.nessus.org/pipermail/nessus/2005-November/msg00213.html

> > Did I miss some mail to d-d-a about the OpenSSL transition?
>=20
> No, there hasn't been any mail to d-d-a about it. Since libssl0.9.7 still
> exists, and libssl-dev was moved to version 0.9.8, this was expected to b=
e a
> rather "soft" transition; and it has been, except for the aforementioned =
bug
> in libssl0.9.8 giving the "bad mac" error.

Well, the above error might be an issue with 0.9.8 which might not make this
transition smooth for Nessus. I'm not sure if this is a Nessus or an OpenS=
SL
issue. The same error message seems to have appeared in OpenSSL's discussion
list in the past (but not recently)

> Anyway, rebuilding libnasl2 against libssl0.9.8 won't make anything worse
> here, AFAICT.

Yes, but it seems that it's a no go, as it will not work (just tested).

Regards

Javier

--W/nzBZO5zC0uMSeA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDsndtsandgtyBSwkRAnVAAJ9AMi8nWpQOy7YG5vTinT9981NhGACeJzge
Y1aJoXY2TNFn0iEbIdpWKuU=
=1FVg
-----END PGP SIGNATURE-----

--W/nzBZO5zC0uMSeA--