mickem / nscp

NSClient++
http://nsclient.org
GNU General Public License v2.0

NSClient SSL Anonymous Cipher Suites #776

Open rsmith1969 opened 1 year ago

rsmith1969 commented 1 year ago

We have been asked by our Security team to close some Nessus scan results.

The latest one is: SSL Anonymous Cipher Suites

The attached is the result from the scan. NSClient_Scan

How can we go about disabling weak ciphers in NSClient?

NSClient INI Entry:

[/settings/NRPE/server]
allowed ciphers = AES256:SHA256:TLSv1.2
use ssl = true
insecure = true
verify mode = none
ssl options = no-sslv2,no-sslv3,no-tlsv1,no-tlsv1_1
allow arguments = true
allow nasty characters = true
allowed hosts = 10.0.0.0/8
port = 5666

Log File:

2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:31: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:31: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:32: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:32: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: http request: 156
2022-09-30 13:01:32: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:33: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:33: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:35: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:36: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:37: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:37: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:38: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:39: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:40: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:41: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:47: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:49: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:50: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:51: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:52: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:53: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:54: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:02:02: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:02:02: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:02:18: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:02:40: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:05:38: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host

h3ge commented 1 year ago

You can try it with the config I'm using:

And please change your allowed host setting to something more specific or use ssl verification...

allowed ciphers=DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DH-RSA-AES128-GCM-SHA256:DH-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
ssl options=no-sslv2,no-sslv3,no-tlsv1
use ssl=1
insecure=0
dh=${certificate-path}/nrpe_dh_4096.pem
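
An added example, not part of the thread or of the NSClient++ project: a small linter for the `[/settings/NRPE/server]` section that flags the settings on which the two posts differ. OpenSSL group selectors such as `AES256` also match anonymous (ADH) suites unless `!aNULL` is given, which is why the first post's cipher list is flagged. The `audit` name, the "no hyphen means selector" heuristic and the /24 threshold are assumptions made for illustration.

```python
import configparser
import ipaddress

SECTION = "/settings/NRPE/server"
TRUTHY = {"1", "true", "yes", "on"}
ANON = ("ADH", "AECDH", "ANULL")  # OpenSSL names for unauthenticated key exchange
OLD_OFF = {"no-sslv2", "no-sslv3", "no-tlsv1"}  # the reply's ssl options

# Constructed sample: security-relevant keys from the first post, one per line.
SAMPLE_INI = """[/settings/NRPE/server]
allowed ciphers = AES256:SHA256:TLSv1.2
use ssl = true
insecure = true
verify mode = none
ssl options = no-sslv2,no-sslv3,no-tlsv1,no-tlsv1_1
allowed hosts = 10.0.0.0/8
"""

def audit(ini_text):  # returns (key, message) findings for the NRPE server section
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(ini_text)
    s, out = cp[SECTION], []
    if s.get("use ssl", "").lower() not in TRUTHY:
        out.append(("use ssl", "TLS is not enabled"))
    if s.get("insecure", "").lower() in TRUTHY:
        out.append(("insecure", "insecure mode on; the reply's config sets insecure=0"))
    tokens = [t.strip().upper() for t in s.get("allowed ciphers", "").split(":") if t.strip()]
    enabled = [t for t in tokens if t[0] not in "!-+@"]
    named_anon = [t for t in enabled if t.startswith(ANON)]
    # Heuristic (assumption): a token without "-" is a group selector, not one suite.
    selectors = [t for t in enabled if "-" not in t]
    if named_anon:
        out.append(("allowed ciphers", "anonymous suites enabled: " + ", ".join(named_anon)))
    elif selectors and "!ANULL" not in tokens:
        out.append(("allowed ciphers", "selectors without !aNULL: " + ", ".join(selectors)))
    missing = OLD_OFF - {o.strip().lower() for o in s.get("ssl options", "").split(",")}
    if missing:
        out.append(("ssl options", "not disabled: " + ", ".join(sorted(missing))))
    if s.get("verify mode", "none").lower() == "none":
        for host in filter(None, (h.strip() for h in s.get("allowed hosts", "").split(","))):
            try:  # /24 is an assumed threshold for "too broad"
                wide = ipaddress.ip_network(host, strict=False).prefixlen < 24
            except ValueError:
                continue  # hostname entry, not an address range
            if wide:
                out.append(("allowed hosts", host + " is broad and peers are unverified"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_INI), sep="\n")
```

Run against the first post's settings it reports `insecure`, `allowed ciphers` and `allowed hosts`; the reply's settings produce no findings.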