Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

updated openssl and still get error message #9

Closed
GoogleCodeExporter opened this issue Feb 11, 2016 · 7 comments
Closed

updated openssl and still get error message #9

GoogleCodeExporter opened this issue Feb 11, 2016 · 7 comments
Labels
auto-migrated Priority-Medium Type-Defect

Comments

@GoogleCodeExporter
Copy link 

$python sslyze.py --reneg www.serverxyz.de:443 

i get the following error message:

* Session Renegotiation : 
OpenSSL version is 0.9.8l or earlier. Can't test for insecure renegotiation. 
Update OpenSSL to 0.9.8m+.

When i check the Version of openSSL:

$OpenSSL> version
$OpenSSL 1.0.0e 6 Sep 2011
$OpenSSL> 

any clues ?

Original issue reported on code.google.com by schmidt....@gmail.com on 3 Jan 2012 at 12:35
@GoogleCodeExporter
Copy link
Author 

Which OS and Python version are you running ? Do you have multiple versions of 
OpenSSL installed ?

Original comment by nabla.c...@gmail.com on 4 Jan 2012 at 1:52

  • Changed state: Accepted

@GoogleCodeExporter
Copy link
Author 

OS:

Ubuntu Lucid / Kernel 2.6.38 Backtrack 5 R1.

Python: 

Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56) 
[GCC 4.4.3] on linux2

Original comment by schmidt....@gmail.com on 4 Jan 2012 at 2:27

@GoogleCodeExporter
Copy link
Author 

Can you give me the output for the following commands:
$ locate libssl.so
$ locate libssl.so.1.0.0
$ locate libssl.so.0.9.8

Original comment by nabla.c...@gmail.com on 11 Jan 2012 at 6:47

@GoogleCodeExporter
Copy link
Author 

Hi, here we go:

root@bt:/# locate libssl.so
/lib/libssl.so.0.9.8
/lib/i486/libssl.so.0.9.8
/lib/i586/libssl.so.0.9.8
/lib/i686/cmov/libssl.so.0.9.8
/opt/framework/lib/libssl.so
/opt/framework/lib/libssl.so.0.9.8
/usr/lib/libssl.so.0.9.8

root@bt:/# locate libssl.so.1.0.0
no output

root@bt:/# locate libssl.so.0.9.8
/lib/libssl.so.0.9.8
/lib/i486/libssl.so.0.9.8
/lib/i586/libssl.so.0.9.8
/lib/i686/cmov/libssl.so.0.9.8
/opt/framework/lib/libssl.so.0.9.8
/usr/lib/libssl.so.0.9.8

thx in advance.

Original comment by schmidt....@gmail.com on 11 Jan 2012 at 10:47

@GoogleCodeExporter
Copy link
Author 

So when sslyze starts, it first tries to load the OpenSSL 1.0.0 library which 
is libssl.so.1.0.0. If that fails, it tries to load OpenSSL 0.9.8 instead. 

As you can see, libssl.so.1.0.0 is nowhere to be found on your system (locate 
libssl.1.0.0 returns nothing). It should be in /usr/lib/. Not sure what you 
installed or how you installed it, but the library is not there.
Good luck !

Original comment by nabla.c...@gmail.com on 12 Jan 2012 at 7:51

  • Changed state: Invalid

@GoogleCodeExporter
Copy link
Author 

Hi,

thx for the answer. Its a Standard Backtrack 5 R1 Installation, without any 
non-standard configs. Do you have some advice how to fix this ? Some Command 
Line would be appreciated.

Original comment by schmidt....@gmail.com on 13 Jan 2012 at 12:41

@GoogleCodeExporter
Copy link
Author 

Sorry, I don't know... You'll probably have to build OpenSSL 1.0.0 yourself but 
I don't know the details.

Original comment by nabla.c...@gmail.com on 13 Jan 2012 at 3:25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated Priority-Medium Type-Defect
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter