Hello everyone,

We are setting up the Qualys connector for the first time and we have run into an interesting scenario. While attempting to run the qualys_connector.pl script the following messages are displayed:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
Tue Feb 21 10:13:16 2017 [INFO] Launching Report
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
Tue Feb 21 10:13:18 2017 [ERROR] Launch response: <?xml version="1.0" encoding=" UTF-8" ?>
<!DOCTYPE SIMPLE_RETURN SYSTEM "https://qualysapi.qualys.com/api/2.0/simple_retu rn.dtd">
<SIMPLE_RETURN>
<RESPONSE>
<DATETIME>2017-02-21T15:13:18Z</DATETIME>
<CODE>1903</CODE>
<TEXT>Missing required parameter(s): report_refs (this report requires a tar get)</TEXT>
</RESPONSE>
</SIMPLE_RETURN>

Understanding that our report is missing parameter (If anyone knows what that is, please let me know), what is also concerning is that the connector is opening a SSL v3 connection to Qualys. Does anyone know how to force the connector to TLS 1.x? I have included details of our environment below.

Host OS: RHEL 7.3

Perl version: v5.16.3

Perl modules installed with versions:

• IO::Socket::SSL v2.046
• XML::Simple v2.22
• XML::Twig v3.52
• Net::IP v1.26
• YAML::XS v0.63
• LWP::UserAgent v 6.19
• Net::SSL v2.86