Handle the case GNUTLS_E_DH_PRIME_UNACCEPTABLE error. Retry with a lo…

…wer prime bits number. For this, use the new bit flag variable.
greenbone · Feb 8, 2022 · 4947e4e · 4947e4e
1 parent 1279e91
commit 4947e4e
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/nasl/nasl_builtin_find_service.c b/nasl/nasl_builtin_find_service.c
@@ -1607,7 +1607,16 @@ plugin_do_run (struct script_infos *desc, GSList *h, int test_ssl)
                 trp = OPENVAS_ENCAPS_IP;
               gettimeofday (&tv1, NULL);
               cnx = open_stream_connection (desc, port, trp, cnx_timeout);
-              if (cnx < 0 && test_ssl)
+              if (cnx == -2 && test_ssl)
+                {
+                  unsigned int flags = INSECURE_DH_PRIME_BITS;
+
+                  gettimeofday (&tv1, NULL);
+                  cnx = open_stream_connection_ext (
+                    desc, port, trp, cnx_timeout, "NORMAL:+ARCFOUR-128:%COMPAT",
+                    flags);
+                }
+              else if (cnx < 0 && test_ssl)
                 {
                   trp = OPENVAS_ENCAPS_IP;
                   gettimeofday (&tv1, NULL);