On Wed, Dec 28, 2005 at 03:12:44AM -0800, Steve Langasek wrote: > > > Since there is no libssl097-dev any longer I guess I'll have to recompile > > all > > packages. > > It should actually be possible to fix this with binNMUs on the autobuilders, > I think. I'll go ahead and queue those now.
Please don't. The libssl 0.9.8 does *not* work when using Nessus, I've just recompiled all packages (libnasl, nessus-plugins and nessus-core) to try to get it working and I still get this: [19131] SSL_connect: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac nessus : SSL error When trying to connect the nessus client against the server (all using 0.9.8). This seems to have happened to people using nessus in Debian or Mac OS X and building Nessus from sources with OpenSSL 0.9.8 See: http://mail.nessus.org/pipermail/nessus/2005-November/msg00206.html http://mail.nessus.org/pipermail/nessus/2005-November/msg00013.html http://archives.free.net.ph/message/20051212.082941.2fe85e3f.en.html http://mail.nessus.org/pipermail/nessus/2005-October/msg00297.html It seems it is only fixed when using openssl 0.9.7: http://mail.nessus.org/pipermail/nessus/2005-November/msg00213.html > > Did I miss some mail to d-d-a about the OpenSSL transition? > > No, there hasn't been any mail to d-d-a about it. Since libssl0.9.7 still > exists, and libssl-dev was moved to version 0.9.8, this was expected to be a > rather "soft" transition; and it has been, except for the aforementioned bug > in libssl0.9.8 giving the "bad mac" error. Well, the above error might be an issue with 0.9.8 which might not make this transition smooth for Nessus. I'm not sure if this is a Nessus or an OpenSSL issue. The same error message seems to have appeared in OpenSSL's discussion list in the past (but not recently) > Anyway, rebuilding libnasl2 against libssl0.9.8 won't make anything worse > here, AFAICT. Yes, but it seems that it's a no go, as it will not work (just tested). Regards Javier
signature.asc
Description: Digital signature
