OpenVAS Change Request #10: Remove support for non-SSL connections in OpenVAS-Client
Status: Voted +2. Implemented with revision 937. Released with OpenVAS-Client 1.0.4.
- To force the client to establish an encrypted connection to the server and thus avoid the transmission of unencrypted data between server and client.
- To remove unused code from the OpenVAS-Client codebase and improve maintainability of the code.
- To avoid confusion that could arise when users try to establish an unencrypted connection to OpenVAS-Server.
OpenVAS-Client provides an option to use SSL encryption for the communication between client and server. This option defaults to the use of encryption. Disabling this option causes the communication to be unencrypted and makes it possible for an eavesdropper to intercept and/or manipulate the data sent between server and client. Because of this, support for unencrypted communication has already been removed from OpenVAS-Server. However, code for this option is still present in the client even though it is no longer functional.
Also, code for unencrypted communication with the server via a Unix socket is still present in the client, even though support for this has already been removed from the server as well. This code can be removed since SSL support is present and the use of Unix sockets was only a workaround for unencrypted network communication.
While support for an unencrypted connection between client and server has been removed from OpenVAS-Server, it should be noted that this option was still viable for connections between an OpenVAS-Client and a Nessus 2.2 server. Removal of support for non-SSL connections in OpenVAS-Client will mean that those connections will no longer work.
- An unencrypted communication between server and client will no longer be possible; this mainly affects connections between an OpenVAS client and a Nessus 2.2 server, since support has already been disabled in OpenVAS-Server.
Design and Implementation
- openvas-client/nessus/prefs_dialog/prefs_dialog_auth.c: Remove "Use SSL encryption" option from authentication dialog and remove handling for this option.
- openvas-client/nessus/nessus.c: Establish only encrypted connections.
- nessus/prefs_dialog/prefs_dialog_auth.c, nessus/preferences.c, nessus/sighand.c, nessus/sslui.c, nessus/nessus.c, nessus/nessus.h, nessus/globals.h, include/config32.h, include/includes.h, include/libnessus.h, libnessus/network.h, libnessus/network.c and possibly others: Clean up code relating to USE_AF_UNIX, HAVE_SSL, NESSUS_ON_SSL, etc.; remove all handling of socket and non-SSL connections.
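One way to check that the cleanup in the last item is complete is to scan the C sources for preprocessor directives that still reference the removed macros. The following is an added example, not part of the change request or of OpenVAS-Client; the function name, the sample source and the helper names inside the sample are constructed for illustration, and the macro list contains only the three names given above.

```python
import re

# Macros named in the change request; its list ends in "etc.", so extend as needed.
LEGACY_MACROS = ("USE_AF_UNIX", "HAVE_SSL", "NESSUS_ON_SSL")

_DIRECTIVE = re.compile(r"^\s*#\s*(if|ifdef|ifndef|elif|define|undef)\b(.*)$")
_MACRO = re.compile(r"\b(" + "|".join(LEGACY_MACROS) + r")\b")


def find_legacy_guards(source):
    """Return (line_number, directive, macro) for each preprocessor directive
    in C source text that still references one of LEGACY_MACROS."""
    hits = []
    lines = source.splitlines()
    i = 0
    while i < len(lines):
        start = i + 1
        logical = lines[i]
        # Join backslash-continued lines so multi-line #if conditions are seen whole.
        while logical.endswith("\\") and i + 1 < len(lines):
            i += 1
            logical = logical[:-1] + " " + lines[i]
        i += 1
        m = _DIRECTIVE.match(logical)
        if not m:
            continue  # ordinary code or comments are not conditional-compilation guards
        for macro in _MACRO.findall(m.group(2)):
            hits.append((start, m.group(1), macro))
    return hits


# Constructed sample (hypothetical helper names), not taken from the OpenVAS-Client tree.
SAMPLE = """\
#include "includes.h"
#ifdef USE_AF_UNIX
  soc = open_unix_socket(path);
#else
#  if defined(HAVE_SSL) && \\
      defined(NESSUS_ON_SSL)
  soc = open_ssl(host, port);
#  endif
#endif
/* HAVE_SSL mentioned in a comment is not a directive */
int have_ssl_flag = 0;
"""

if __name__ == "__main__":
    for lineno, directive, macro in find_legacy_guards(SAMPLE):
        print(f"line {lineno}: #{directive} references {macro}")
```

Run over each file of the tree, an empty result means no conditional-compilation path for socket or non-SSL connections remains under these three macro names.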
- 2008-06-23 Michael Wiegand <email@example.com>:
- 2008-06-18 Jan-Oliver Wagner <firstname.lastname@example.org>:
Added voting result.
- 2008-06-06 Michael Wiegand <email@example.com>: