View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004372 | Kali Linux | Kali Package Bug | public | 2017-11-29 00:35 | 2019-09-04 12:37 |
Reporter | hexxonxonx | Assigned To | dookie | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | open | ||
Product Version | 2017.2 | ||||
Summary | 0004372: Nikto/Nmap unable to handshake with older SSL version | ||||
Description | When attempting to run tools that require an SSL connection with servers that are using older versions an error occurs, for example in nikto whisker reports: 'whisker' => { | ||||
Steps To Reproduce | Run nikto against an older version of an SSL-enabled host. Command line: nikto -ssl -host XX.XX.XX.XX -D d (any other variations will produce the same error). Changing user agent/other tweaks seems to have no effect. I have also pulled Nikto directly from the web (non-Kali version) and get the same error with 2.16 and master. For ncat the error is: libnsock handle_connect_result(): EID 9 reconnecting with SSL_OP_NO_SSLv2, with the command: ncat -v -v --ssl X.X.X.X 443 | ||||
Additional Information | :Tue Nov 28 17:10:56 2017 - Loading DB: /var/lib//nikto/databases/db_parked_strings
| ||||
A few things:
Links to 2 discussions on 2 different projects relying on OpenSSL might be useful:
Solutions are pointed out in both email chains |
|
Do you know which specific versions of SSL and/or TLS were failing for you? Do you know of public servers running those old SSL/TLS versions so that I can easily test? What version of libssl1.1 do you have? openssl 1.1.0g-1 re-enabled TLS 1.0 and 1.1 by default, so that's why I'm asking here (having TLS 1.0 and 1.1 disabled by default is not a choice of upstream OpenSSL but of the Debian openssl maintainer). |
|
libssl1.1: 1.1.0f. The host is inside the Kali Offsec Labs, it is pain. I believe the version on that server is 1.0, based on whisker output. I'm using OffsecVM-2017.2-20171023 from the PWK site. |
|
Upgrading to the new version of libssl1.1/libssl dev fixed this. I only upgraded libssl1.1 via: apt install --only-upgrade libssl, moving my version up to 1.1.0g-2; this also upped libc-bin to 2.24-17. Commands run fine now against the host; however, the Offsec PWK image still has the non-working version of the lib in it. Please let me know if you have any questions. |
|
Is this issue still relevant? @dookie can you check the current OffsecVM from the PWK? |
|
Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling <= 2018.4), these legacy versions are no longer supported. Please could you see if you are able to replicate this issue with the latest version of Kali Linux (https://www.kali.org/downloads/)? If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information about the issue you are facing, and also give information about your setup? |
|
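The notes above ask which SSL/TLS versions fail and which libssl is installed. The following is an added example, not part of the original ticket or of nikto/ncat, that collects both using only Python's standard `ssl` module; the function names `local_defaults` and `probe` are made up for it.

```python
import socket
import ssl

# Protocol versions to try one at a time, oldest first.
VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def local_defaults():
    """Linked OpenSSL build and the protocol range a default client context allows."""
    ctx = ssl.create_default_context()
    return {"openssl": ssl.OPENSSL_VERSION,
            "min": ctx.minimum_version.name,
            "max": ctx.maximum_version.name}


def probe(host, port=443, timeout=5.0):
    """Attempt one handshake per protocol version; map version name -> outcome."""
    results = {}
    for version in VERSIONS:
        try:
            ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            # Diagnostic only: certificate trust is irrelevant to the question
            # of which protocol versions negotiate, so verification is off.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            # Pin the context to exactly one version.
            ctx.minimum_version = version
            ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[version.name] = "ok: " + tls.version()
        except (OSError, ValueError) as exc:
            # ssl.SSLError is an OSError. A failure here can come from the
            # server or from local library policy; compare with local_defaults().
            results[version.name] = "failed: %s" % exc
    return results


if __name__ == "__main__":
    import sys
    print(local_defaults())
    for name, outcome in probe(sys.argv[1], int(sys.argv[2])).items():
        print(name, outcome)
```

Run it as a script with a host and port as arguments. If every older version fails while `local_defaults()` reports a raised minimum, the client library's policy is the likely cause rather than the server.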
Date Modified | Username | Field | Change |
---|---|---|---|
2017-11-29 00:35 | hexxonxonx | New Issue | |
2017-11-29 00:45 | Mister_X | Note Added: 0007624 | |
2017-11-29 07:45 | rhertzog | Assigned To | => rhertzog |
2017-11-29 07:45 | rhertzog | Status | new => assigned |
2017-11-29 07:54 | rhertzog | Note Added: 0007625 | |
2017-11-29 13:27 | hexxonxonx | Note Added: 0007626 | |
2017-11-30 22:45 | hexxonxonx | Note Added: 0007645 | |
2018-06-22 06:19 | g0tmi1k | Severity | block => minor |
2018-07-27 10:30 | rhertzog | Status | assigned => feedback |
2018-07-27 10:30 | rhertzog | Note Added: 0009394 | |
2018-10-30 11:01 | g0tmi1k | Assigned To | rhertzog => dookie |
2018-12-14 10:56 | rhertzog | Relationship added | related to 0005158 |
2019-09-04 12:37 | g0tmi1k | Note Added: 0011023 | |
2019-09-04 12:37 | g0tmi1k | Status | feedback => closed |