
OpenVAS Change Request #10: Remove support for non-SSL connections in OpenVAS-Client

Status: Voted +2. Implemented with revision 937. Released with OpenVAS-Client 1.0.4.

Purpose

To force the client to establish an encrypted connection to the server and thus avoid the transmission of unencrypted data between server and client.

To remove unused code from the OpenVAS-Client codebase and improve maintainability of the code.

To avoid confusion that could arise when users try to establish an unencrypted connection to OpenVAS-Server.

References

Rationale

OpenVAS-Client provides an option to use SSL encryption for the communication between client and server. This option defaults to the use of encryption. Disabling this option causes the communication to be unencrypted and allows a potential eavesdropper to intercept and/or manipulate the data sent between server and client. Because of this, support for unencrypted communication has already been removed from OpenVAS-Server. However, code for this option is still present in the client even though it is no longer functional.

Also, code for unencrypted communication with the server via a Unix socket is still present in the client, even though support for this on the server has already been removed as well. This code can be removed since SSL support is present and the use of Unix sockets was only a workaround for unencrypted network communication.

While support for an unencrypted connection between client and server has been removed from OpenVAS-Server, it should be noted that this option was still viable for connections between an OpenVAS-Client and a Nessus 2.2 server. Removal of support for non-SSL connections in OpenVAS-Client will mean that those connections will no longer work.

Effects

Design and Implementation

History