Nessus SSL error in the Risk Automation Suite vulnerability scan history.

Article:TECH147220  |  Created: 2010-12-30  |  Updated: 2011-07-12  |  Article URL
Article Type
Technical Solution


Vulnerability scans in Risk Automation Suite using SecureRecon with Nessus are not running or completing. The error below is showing in the RAS vulnerability scan history.


There was no output data from scanner. Scanner IP : x.x.x.x [date and time][17247.0] SSL_CTX_set_cipher_list: error:140E6118:SSL routines:SSL_CIPHER_PROCESS_RULESTR:invalid command [date and time][17247.0] SSL_connect: error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate nessus : SSL error


Risk Automation Suite 4.0.4 running on Windows Server 2003 Enterprise

SecureRecon 5 and Nessus 4 running on SuSE Enterprise 5


  1. Login to RAS portal and delete the current Nessus scanner
  2. Edit nessusd.conf and remove the line: “ssl_cipher_list =SSLv2:-LOW:-EXPORT:RC4+RSA”
  3. Restart nessus:
    service nessusd stop
    service nessusd start
  4. Stop SecureRecon
  5. cd /securerecon
  6. mv RASAgent.conf RASAgent.conf.old
  7. Reconfigure SecureRecon 
    ./SecureRecon –s
    SecureRecon version, copyright Symantec Corporation 2010
    Which scanner do you want to integrate with? [0]
    [0] Nessus
    Enter the full path to the Nessus client executable (0) :/opt/nessus/bin/nessus
    Enter the full path to the Nessus configuration file () : /opt/nessus/etc/nessus/nessusd.conf
    Enter the full path to the Nessus plugins directory () : /opt/nessus/lib/nessus/plugins
    Enter the Nessus server IP/hostname () :localhost
    Enter the Nessus port (0) :1241
    Enter the Nessus user () :…..
    Enter the Nessus user's password () : ……
    Enter the number of IP addresses to batch per scan (10) :5
    Enter the number of the output file type you want to use (0)
    [0] .nbe
    [1] .nessus
    enter 1
    Enter the number of the logging level you want to use (0)
    [0] Low
    [1] Medium
    [2] High
    enter 2
    SecureRecon interactive setup is complete.
  8. Register SecureRecon
    ./SecureRecon -r <RAS_portal_name_or_IP> <RAS_user> <RAS_password>
  9. Start SecureRecon
  10. Run a scan from RAS


Article URL

Terms of use for this information are found in Legal Notices