TCP connections on the chosen network interface and attempts to
interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS
traffic, it decodes the records and displays them in a textual form
to stdout. If provided with the appropriate keying material, it
will also decrypt the connections and display the application data
traffic.
Requested by Dan Winship.
* enable pwcheck method if CYRUS_USE_PWCHECK is set (closes
PR 11305 by David Edmondson <dme@dme.org>)
* only enable Kerberos 4 if KERBEROS is set to 4 (depends on
kth-krb4, in this case), otherwise explicitly disable Kerberos
. changes by Renaud Deraison (deraison at nessus.org) :
- added experimental KB saving, to prevent the audit to restart
from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html
for details
- added experimental detached scans.
See http://www.nessus.org/doc/detached_scan.html for details
- bug in the test of DoS attacks fixed (thanks to Christophe Grenier,
Christophe.Grenier@esiea.fr)
- minor changes in nessus-adduser
- scripts that open a UDP socket read the result of a UDP scan first
- when it receives a SIGHUP, nessusd first frees memory. It also closes
and re-opens the nessusd.messages file
- the plugin timeout is now user definable, in nessusd.conf
- 64 bit compatible (nessusd would produce warnings when running
on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team
for having given me access to an IA-64 to compile and try Nessus.
. Changes by Jordan Hrycaj <jordan@mjh.teddy-net.com>
- faster cipher layer
. Other changes :
- a GTK error would sometime be produced when the client is run in
batch mode (Cyril Leclerc <cleclerc at boreal-com.fr>)
Digest::MD5 will now try to fallback to the pure perl
implementation of Digest::Perl::MD5 if bootstrap fails.
Added a bit internal paranoia about casting the IV
in the Digest::MD5 object to the MD5_CTX* pointer.
xdm-krb4 now has an option, -nostrictkrb4, which allows it to fall back
to non-Kerberos authentication if the KRB4 authentication fails. (Much
wanted by sites with a mix of Kerberos and non-Kerberos users).
Noteworthy changes in version 1.0.3 (2000-09-18)
------------------------------------------------
* Fixed problems with piping to/from other MS-Windows software
* Expiration time of the primary key can be changed again.
* Revoked user IDs are now marked in the output of --list-key
* New options --show-session-key and --override-session-key
to help the British folks to somewhat minimize the danger
of this Orwellian RIP bill.
* New options --merge-only and --try-all-secrets.
* New configuration option --with-egd-socket.
* The --trusted-key option is back after it left us with 0.9.5
* RSA is supported. Key generation does not yet work but will come
soon.
* CAST5 and SHA-1 are now the default algorithms to protect the key
and for symmetric-only encryption. This should solve a couple
of compatibility problems because the old algorithms are optional
according to RFC2440
* Twofish and MDC enhanced encryption is now used. PGP 7 supports
this. Older versions of GnuPG don't support it, so they should be
upgraded to at least 1.0.2
- always use random number from /dev/urandom, instead of random(3).
- OpenSSL dependency is simplified - just use USE_SSL, and assume that
RSA function is there. pkgsrc does not really support intermediate
netbsd-current codebase. per discussion on packages@netbsd.org.
approved by packages@netbsd.org
- disable idea/rc5 in phase 1 by default
- use official DOI # for AES (= rijndael)
- be more careful about parsing variable-length packet content
- have __attribute__((__packed__)), be friendly with align-picky arch
(confirmed to be working on i386, sh3 and alpha)
BROKEN variable. Unfortunately, no ChangeLog is available.
Patch system dependent make goo to use 'SSLBASE', mirroring it's use in
bsd.pkg.mk, rather than obsolete 'PATENTEDOPENSSLSRC'. Also, replace hard-
coded "/usr/pkg", replacing it with ${LOCALBASE}. Finally, set 'LOCALBASE'
and 'SSLBASE' conditionally within the package, for convenience.
