Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nessus error #534

Closed
BNYBLN030 opened this issue Aug 13, 2017 · 7 comments
Closed

Nessus error #534

BNYBLN030 opened this issue Aug 13, 2017 · 7 comments

Comments

@BNYBLN030
Copy link

@BNYBLN030 BNYBLN030 commented Aug 13, 2017

Nessus server returned error code: 500
Message: Can't connect to 192.168.0.104:8834 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 46.

3 retries left
Sleeping for 30 seconds before retring
Nessus server returned error code: 500
Message: Can't connect to 192.168.0.104:8834 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 46.

2 retries left
Sleeping for 30 seconds before retring
Nessus server returned error code: 500
Message: Can't connect to 192.168.0.104:8834 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 46.

1 retries left
Sleeping for 30 seconds before retring
Nessus server returned error code: 500
Message: Can't connect to 192.168.0.104:8834 (certificate verify failed)

SSL connect attempt failed error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed at /usr/share/perl5/vendor_perl/LWP/Protocol/http.pm line 46.

@BNYBLN030
Copy link
Author

@BNYBLN030 BNYBLN030 commented Aug 30, 2017

what is the issue?
I cant start nessus with seccubus. Everytim if i run the scan, i get this message

@MrSeccubus
Copy link
Member

@MrSeccubus MrSeccubus commented Sep 1, 2017

What OS are you using? This seems to be an OS specific thing.

@BNYBLN030
Copy link
Author

@BNYBLN030 BNYBLN030 commented Sep 1, 2017

@seccubus i use Fedora

@BNYBLN030
Copy link
Author

@BNYBLN030 BNYBLN030 commented Sep 4, 2017

@seccubus do you have an idea?

@arkenoi
Copy link
Member

@arkenoi arkenoi commented Sep 4, 2017

Seen that too on Debian, despite --nosslverify was specified.

@BNYBLN030
Copy link
Author

@BNYBLN030 BNYBLN030 commented Sep 5, 2017

@seccubus @arkenoi yes i try it with --nosslverify too, the message is just the same.

@MrSeccubus
Copy link
Member

@MrSeccubus MrSeccubus commented Sep 6, 2017

O.K. this took quite a bit of digging, but here comes the explanation:

  • The fact that setting $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} completely disabled SSL checking was actually a bug,and it should just have disabled host name mismatches.
  • Now operating systems are picking up a 'repaired' version of the library and thus the behaviour changed.
  • Instead I should be setting ssl_opts => { SSL_verify_mode = 0 } when creating the user agent object

Kudo's to https://bugs.launchpad.net/ubuntu/+source/libwww-perl/+bug/1408331 and negative kudo's to all the wrong answers that come out of Google.

@MrSeccubus MrSeccubus mentioned this issue Sep 6, 2017
@MrSeccubus MrSeccubus closed this in 53b38f6 Sep 7, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.