Hi,
adding to the certificates mentioned previously the used cipher suites and allowed TLS version of the gsad
component plays a role as well.
By default the gsad
will use the global/system-wide configured cipher suites and TLS version of GnuTLS. To overwrite this default of GnuTLS have a look at the --gnutls-priorities
command line option of gsad
:
https://github.com/greenbone/gsa/blob/gsa-7.0/doc/gsad.8#L46-L47
Examples on a more secure priority strings where posted at various places in the past like e.g.
--gnutls-priorities=SECURE128:-AES-128-CBC:-CAMELLIA-128-CBC:-VERS-SSL3.0:-VERS-TLS1.0
http://lists.wald.intevation.org/pipermail/openvas-discuss/2017-June/011099.html