Oracle Weblogic 10.3 + gnutls-cli = A TLS fatal...

Michael Meyer mime at
Wed Feb 17 20:51:12 CET 2010

*** Simon Josefsson <simon at> wrote:
> Michael Meyer <mime at> writes:
> Identifying that with confidence requires access to the server to look
> at the actual server system.  Looking at logs and/or the binaries may
> help.

There is a trial version available at

I have Oracle WebLogic Server 10.3 (also the trial version) running under a
Microsoft Windows XP.

> I don't think defaulting to insecure mode is a good idea.  


> Using GnuTLS in known insecure modes just because there are broken
> servers out there doesn't seem like a good idea. Then you might as well
> not use TLS at all, and just use TCP?

Let me explain.

OpenVAS stands for Open Vulnerability Assessment System and is a
network security scanner. OpenVAS is a GPL fork of Nessus.

I try to write a plugin for

Normaly this is very simple. See

For that a SSL connection is required.

in NASL (Nessus Attack Scripting Language) it would look like (simplified):

| port = 5556;
| soc = open_sock_tcp(port, transport: ENCAPS_SSLv3); # or ENCAPS_SSLv23, ENCAPS_TLSv1
| if(!soc) {
|   display("NO SOCKET\n\n");
| } else {
|   display("SOCKET OK\n\n");
|   send(socket:soc, data: string("HELLO asdf\r\n"));
|   buf = recv(socket:soc, length: 512);
|   display("\n",buf,"\n\n");
|   close(soc);
| }

Result should be "+OK Node manager v10.3 started". I got always "NO
SOCKET". With any kind of "transport". GnuTLS error at this point is:
"A TLS fatal alert has been received".

At this point, it's a problem, if GnuTLS (rather the NASL function
open_sock_tcp() which is using GnuTLS) cant't connect to the remote
service because of some problems (e.g. broken certificate, insecure
cipher, ...) on the remote side. It means that I can not recognize the
vulnerability. That's bad. ;)

That's why i need - whenever humanly possible - a succesfull
connection. In this case I'm not interested whether the connection is
really secure.


More information about the Gnutls-help mailing list