Qualys connector openning SSL v2/v3 connections

Unanswered Question
Feb 21st, 2017
User Badges:

Hello everyone,


We are setting up the Qualys connector for the first time and we have run into an interesting scenario. While attempting to run the qualys_connector.pl script the following messages are displayed:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
Tue Feb 21 10:13:16 2017 [INFO] Launching Report
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
Tue Feb 21 10:13:18 2017 [ERROR] Launch response: <?xml version="1.0" encoding=" UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_retu rn.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2017-02-21T15:13:18Z</DATETIME>
<CODE>1903</CODE>
<TEXT>Missing required parameter(s): report_refs (this report requires a tar get)</TEXT>
</RESPONSE>
</SIMPLE_RETURN>

Understanding that our report is missing parameter (If anyone knows what that is, please let me know), what is also concerning is that the connector is opening a SSL v3 connection to Qualys. Does anyone know how to force the connector to TLS 1.x? I have included details of our environment below.

Host OS: RHEL 7.3

Perl version: v5.16.3

Perl modules installed with versions:

  • IO::Socket::SSL v2.046
  • XML::Simple v2.22
  • XML::Twig v3.52
  • Net::IP v1.26
  • YAML::XS v0.63
  • LWP::UserAgent v 6.19
  • Net::SSL v2.86
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dohurd Thu, 03/02/2017 - 07:51
User Badges:
  • Cisco Employee,

This is a supported Host Input Connector.  You can open a TAC support case and get help directly from the support team.


Doug


Actions

This Discussion