Scanning gvm with gvm

Hi,

adding to the certificates mentioned previously the used cipher suites and allowed TLS version of the gsad component plays a role as well.

By default the gsad will use the global/system-wide configured cipher suites and TLS version of GnuTLS. To overwrite this default of GnuTLS have a look at the --gnutls-priorities command line option of gsad:

https://github.com/greenbone/gsa/blob/gsa-7.0/doc/gsad.8#L46-L47

Examples on a more secure priority strings where posted at various places in the past like e.g.

--gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
http://lists.wald.intevation.org/pipermail/openvas-discuss/2017-June/011099.html

1 Like