mikesplain / openvas-docker

A Docker container for Openvas
MIT License
768 stars 305 forks

Default instance run with vulnerable cipher #157

Closed ITMaya closed 6 years ago

ITMaya commented 6 years ago

Running the tool against itself, I get the following vulnerability:

'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

It seems to be fixable this way: http://wiki.openvas.org/index.php/Edit_the_SSL_ciphers_used_by_GSAD So, unless I get it wrong, it would be good to default the container to this :)

mikesplain commented 6 years ago

@ITMaya Thanks so much! I'm happy to accept a PR for this :)

mikesplain commented 6 years ago

Hi @ITMaya Please take a look at this PR and see if it addresses your issue: https://github.com/mikesplain/openvas-docker/pull/156

ITMaya commented 6 years ago

I pulled the image, but I guess the change did not yet make its way to master. So I applied the change manually to /etc/init.d/openvas-gsa and so far so good :D Closing this one, thanks a lot, that was fast to get a solution :) I'll pull a new image later on so that it will be embedded with the change.
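An added example, not part of the original thread or the project's code: a regression check to run on a re-scan report after changing GSAD's cipher configuration, listing any 64-bit-block (SWEET32-class) suites still accepted per protocol. It assumes the report keeps the layout quoted in the issue; the function names and the token list are choices made for this example.

```python
import re
from collections import defaultdict

# Report text as quoted in the issue above, embedded so the check runs offline.
SAMPLE_REPORT = """\
'Vulnerable' cipher suites accepted by this service via the TLSv1.0 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.1 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)

'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:

TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
"""

# SWEET32 concerns block ciphers with a 64-bit block. These substrings of
# IANA suite names identify them (list chosen for this example).
BLOCK64_TOKENS = ("3DES_EDE", "DES_CBC", "DES40", "IDEA", "RC2")

HEADER = re.compile(r"cipher suites accepted by this service via the (\S+) protocol:")
SUITE = re.compile(r"^((?:TLS|SSL)_[A-Z0-9_]+)\b")


def uses_64bit_block(suite):
    """True if the suite name names a 64-bit block cipher."""
    return any(token in suite for token in BLOCK64_TOKENS)


def sweet32_findings(report):
    """Map protocol -> sorted 64-bit-block suites the scan saw accepted."""
    findings = defaultdict(set)
    protocol = None
    for raw in report.splitlines():
        line = raw.strip()
        header = HEADER.search(line)
        if header:
            protocol = header.group(1)  # e.g. "TLSv1.2"
            continue
        suite = SUITE.match(line)
        if suite and protocol and uses_64bit_block(suite.group(1)):
            findings[protocol].add(suite.group(1))
    return {proto: sorted(suites) for proto, suites in findings.items()}


if __name__ == "__main__":
    for proto, suites in sweet32_findings(SAMPLE_REPORT).items():
        print(proto, ", ".join(suites))
```

An empty result on the re-scan report means no listed suite with a 64-bit block cipher was accepted.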