Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NSClient SSL Anonymous Cipher Suites #776

Open
rsmith1969 opened this issue Sep 30, 2022 · 1 comment
Open

NSClient SSL Anonymous Cipher Suites #776

rsmith1969 opened this issue Sep 30, 2022 · 1 comment

Comments

@rsmith1969
Copy link

We have been asked by our Security team to close some Nessus scan results.

The latest one is:
SSL Anonymous Cipher Suites

The attached is the result from the scan.
NSClient_Scan

How can we go about disabling weak ciphers in NSClient?

NSClient INI Entry:

[/settings/NRPE/server]

allowed ciphers = AES256:SHA256:TLSv1.2
use ssl = true
insecure = true
verify mode = none
ssl options = no-sslv2,no-sslv3,no-tlsv1,no-tlsv1_1
allow arguments = true
allow nasty characters = true
allowed hosts = 10.0.0.0/8
port = 5666

Log File:

2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:28: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:29: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:30: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:31: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:31: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:32: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:32: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: http request: 156
2022-09-30 13:01:32: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:33: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:33: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:34: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:35: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:36: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:37: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:37: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:38: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:39: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:40: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:41: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:47: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:270: Seems we cant agree on SSL: no shared cipher
2022-09-30 13:01:48: error:c:\source\master\include\socket/connection.hpp:271: Please review the insecure options as well as ssl options in settings.
2022-09-30 13:01:49: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:50: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:51: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:52: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:53: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:01:54: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:02:02: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:02:02: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2022-09-30 13:02:10: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2022-09-30 13:02:18: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
2022-09-30 13:02:40: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: An existing connection was forcibly closed by the remote host: 1862
2022-09-30 13:05:38: error:c:\source\master\include\socket/connection.hpp:168: Failed to read data: An existing connection was forcibly closed by the remote host
@h3ge
Copy link

h3ge commented Feb 7, 2023

You can try it with the config I'm using:
And please change your allowed host setting to something more specific or use ssl verification.....

allowed ciphers=DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DH-RSA-AES128-GCM-SHA256:DH-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
ssl options=no-sslv2,no-sslv3,no-tlsv1
use ssl=1
insecure=0
dh=${certificate-path}/nrpe_dh_4096.pem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@h3ge @rsmith1969