We have configured remote scanners in our environment. A scan of our environment indicates that ospd-openvas accepts TLS 1.0/1.1 connections. How can I restrict this to TLS 1.2 only?
Operating system: Kali Linux
Installation method / source: apt install openvas
Add --gnutls-priorities="SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" (with quotes) to the end of the ExecStart line.
Save changes. Run sudo systemctl daemon-reload. Restart the gvm services or reboot.
See: Priority Strings (GnuTLS 3.7.2)
Thanks but my issue is with ospd-openvas. gsad is already properly configured.
My ExecStart of ospd-openvas is this:
ExecStart=/usr/bin/ospd-openvas --config /etc/gvm/ospd-openvas.conf --log-config /etc/gvm/ospd-logging.conf -p 9390 --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas -k /var/lib/gvm/private/CA/clientkey.pem --ca-file /var/lib/gvm/CA/cacert.pem -c /var/lib/gvm/CA/clientcert.pem
For ospd-openvas, the file is server.py. On a 2021-4 install the file is located at /usr/lib/python3/dist-packages/ospd/server.py.
Modify the following line.
I also tried TLSv1_3, but an error reports it is not supported.
Exactly what I was looking for! Thanks