NSClient++ Help (#1) - SSL Medium Strength (#714) - Message List

SSL Medium Strength

Hi,

We are trying to be PCI compliant, but now we have run into a problem with the NSClient. Our QSA needs an approved scan test (Nessus) on our network, but Nessus returns "SSL Medium Strength" on port 5666.

Nessus returns:
Here are the medium strength SSL ciphers supported by the remote server :
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
TLSv1
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1



I have made some fixes in the registry that also have something to do with SSL, but I don't know if NSClient is using them. Also, in nsc.ini I have enabled "use_ssl=1" and "NSClientListener.dll", but with no luck; Nessus still returns the same weakness.

Does anybody know what I'm talking about, and maybe have some tips on how to fix this?

Thanks in advance

Satto

The server is a win 2008R2

  • Message #2017

    Hello,

    NRPE (and thus also NSClient++) is not secure, so do not use "SSL" from a security perspective. NRPE uses a fixed key, which means anyone with access to the key (read everyone) can decrypt traffic if they are so inclined.

    NSClient (check_nt) does not really support encryption at all so that is not much better. This is something which will be "resolved" (read changed) in the future (when I write a custom protocol) but as of now I am using the Nagios protocols which are not secure.

    Michael Medin
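
Added example, not part of either post or of NSClient++: a small Python parser for cipher lines in the format Nessus printed above. It reports separately the two findings each line carries: the 56-bit DES key that places the suite in the medium band, and Au=None, meaning the key exchange is unauthenticated. The sample input is constructed: the ADH-DES-CBC-SHA lines come from the report in the thread, the last two suites are made up for contrast.

```python
import re

# Constructed input: the ADH-DES-CBC-SHA lines are copied from the Nessus
# output in the thread; the last two suites are made up for contrast.
SAMPLE = """\
SSLv3
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
TLSv1
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES(56) Mac=SHA1
ADH-AES256-SHA Kx=DH Au=None Enc=AES(256) Mac=SHA1
AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
"""

SUITE = re.compile(
    r"^(?P<name>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)\s*$"
)

def parse_report(text):
    """Yield (protocol, fields) for every cipher line under a protocol header."""
    protocol = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUITE.match(line)
        if m:
            fields = m.groupdict()
            fields["bits"] = int(fields["bits"] or 0)  # Enc=None has no size
            yield protocol, fields
        elif " " not in line:
            protocol = line  # bare token such as "SSLv3" or "TLSv1"

def audit(text):
    """Return [(protocol, suite, [issues])] for suites with at least one issue."""
    findings = []
    for protocol, f in parse_report(text):
        issues = []
        if f["au"] == "None":
            issues.append("anonymous key exchange, peer is not authenticated")
        if 56 <= f["bits"] < 112:  # Nessus "medium strength" band from the report
            issues.append(f"medium-strength cipher ({f['enc']} {f['bits']}-bit)")
        if issues:
            findings.append((protocol, f["name"], issues))
    return findings

if __name__ == "__main__":
    for protocol, name, issues in audit(SAMPLE):
        print(f"{protocol:6} {name:18} " + "; ".join(issues))
```

The constructed ADH-AES256-SHA line is still flagged for Au=None even though its key size is outside the medium band, which is why the two findings are tracked separately.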
