I am running some tests against my stunnel configuration with Nessus. I am able to get stunnel to exit silently when I run Nessus with the Nessus TCP Scan and Weak Supported SSL Cipher Suites test. I have played with a few different options but the process consistently ends when these tests are run together. Here is the config:
Linux testssl.capwin.net 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:16 EST 2007 i686 i686 i386 GNU/Linux
gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)
stunnel 4.20 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
OpenSSL 0.9.8b 04 May 2006
Tail of log file during Nessus tests:
2008.01.15 21:24:30 LOG5[10646:3086605200]: XMPP accepted connection from 10.102.11.250:41781
2008.01.15 21:24:30 LOG7[10646:3086605200]: SSL state (accept): before/accept initialization
2008.01.15 21:24:30 LOG7[10646:3086605200]: SSL alert (write): fatal: handshake failure
2008.01.15 21:24:30 LOG3[10646:3086605200]: SSL_accept: 1408A10B: error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number
2008.01.15 21:24:30 LOG5[10646:3086605200]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.01.15 21:24:30 LOG7[10646:3086605200]: XMPP finished (0 left)
2008.01.15 21:24:30 LOG7[10646:3086608080]: XMPP accepted FD=7 from 10.102.11.250:41782
2008.01.15 21:24:30 LOG7[10646:3086605200]: XMPP started
2008.01.15 21:24:30 LOG7[10646:3086605200]: FD 7 in non-blocking mode
2008.01.15 21:24:30 LOG7[10646:3086605200]: TCP_NODELAY option set on local socket
2008.01.15 21:24:30 LOG7[10646:3086605200]: FD 8 in non-blocking mode
2008.01.15 21:24:30 LOG7[10646:3086605200]: FD 9 in non-blocking mode
2008.01.15 21:24:30 LOG7[10646:3086608080]: Cleaning up the signal pipe
2008.01.15 21:24:30 LOG6[10646:3086608080]: Child process 10676 finished with code 0
2008.01.15 21:24:30 LOG7[10646:3086605200]: Connection from 10.102.11.250:41782 permitted by libwrap
2008.01.15 21:24:30 LOG5[10646:3086605200]: XMPP accepted connection from 10.102.11.250:41782
2008.01.15 21:24:30 LOG7[10646:3086605200]: SSL state (accept): before/accept initialization
Joe A. Kemp CapWIN Senior Systems Architect 6305 Ivy Lane Suite 300 Greenbelt, MD 20770 (P) 301-614-3727 (F) 301-614-0581
"Joe Kemp" jkemp@capwin.org wrote:
I am running some tests against my stunnel configuration with Nessus. I am able to get stunnel to exit silently when I run Nessus with the Nessus TCP Scan and Weak Supported SSL Cipher Suites test. I have played with a few different options but the process consistently ends when these tests are run together. Here is the config:
Linux testssl.capwin.net 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:16 EST 2007 i686 i686 i386 GNU/Linux
gcc version 4.1.2 20070626 (Red Hat 4.1.2-14)
stunnel 4.20 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
OpenSSL 0.9.8b 04 May 2006
Try upgrading your OpenSSL first. It's very old and buggy.
If it doesn't help -- send us your stack backtrace: http://wiki.mandriva.com/en/Development/Howto/Software_Crash
Best regards, Mike