# nessus ssl error

## The Dark

Hello there.

When i try to login in nessus i get a ssl error.

```
SSL_connect[9330]: error:00000000:lib(0):func(0):reason(0)
```

Does anybody know how to fix this..???

----------

## The Dark

nobody has a fix..????  :Crying or Very sad: 

----------

## The Dark

eeh...  :Shocked: 

Hello, so nobody has had this error before..??

----------

## garvald

hi there - I have the same problem - been trying to find out the solution for a while but can't - did you get it working eventually ?

g4rvald

----------

## The Dark

 *garvald wrote:*   

> hi there - I have the same problem - been trying to find out the solution for a while but can't - did you get it working eventually ?
> 
> g4rvald

 

Well kinda got it working, not in the way i wanted to  but yeah it's working.

But i don't think yah gonna like the way i did it   :Embarassed:   but here goes.

It's simple.. i got   :Evil or Very Mad:   :Evil or Very Mad:  MAD and reinstalled GENTOO. But this time i made shure

that my /etc/make.conf contained the words 

```
ssl
```

.

I think that the first time that i forgot to include this into my /etc/make.conf.

Still don't know how to really fix this problem, but this 2 DAY compiling aproach did it for me.

So i wish you luck, but snoop around a little before you  take the 1 to 3 day CompileWay, maybe there a nother user who fixed the problem.

GOOD LUCK.

----------

## markan18

I all, i got this mysterious ssl error too and i solved it.

To do so, i used strace.  Just after a client connects to the socket, nessusd reads hosts.allow and hosts.deny.  Nessusd seems to deny connection if hosts.deny tells it to do so no matter the content of hosts.allow.

I simply emptied my hosts.deny file to get nessusd to accept the connection and get rid of the ssl error.  

I used to think a server should accept a connection if it is explicitly allowed in host.allow no matter the content of host.deny but nessusd behaves differently.

All the time, i try to connect from localhost.

Here is the content of my hosts.allow file

ALL: 127.0.0.1/255.0.0.0

ALL: 192.168.20.0/255.255.255.0

I used to put ALL: ALL in my hosts.deny file but i got ssl errors this way.

I can sucessfully connect if my hosts.deny file is empty.

----------

## garvald

damn

you're right

I eventually got nessus working with the new nessus-installer.sh script available through the nessus website and I didnt have a clue why.

I didnt think about hosts.allow however. Nessus is compiled on gentoo with tcp-rwapper support, however it isnt with the sh install script that nessus.org hands out.

So anyway, here are the correct settings:

in /etc/hosts.deny:

ALL: ALL

in /etc/hosts.allow:

nessusd: ALL@127.0.0.1

you should NOT remove ALL: ALL from hosts.deny unless you definately know what you are doing or just dont have any services runnin  :Smile: 

thanks again though

----------

## The Dark

 *garvald wrote:*   

> damn
> 
> you're right
> 
> I eventually got nessus working with the new nessus-installer.sh script available through the nessus website and I didnt have a clue why.
> ...

 

As you see  there's always someone with the correct fix.

Thank you guys..

----------

## markan18

 *garvald wrote:*   

> damn
> 
> you should NOT remove ALL: ALL from hosts.deny unless you definately know what you are doing or just dont have any services runnin 
> 
> thanks again though

 

Don't worry for me.  Im behind my firewall and i have no services that starts automatically at boot, not even sshd!.  I start servers only when i need them and nobody on the internet can reach them anyway.  I use iptables to manage access to public services because i fear that not all servers will honor settings in hosts.allow and hosts.deny

----------

