|appelkip||PSI hangs while loading: certificate issue|
|19th Jan, 2014 16:04|
User Since: 19th Jan, 2014
System Score: N/A
I've used PSI for many years and I really like the product. But recently, PSI v126.96.36.19901 failed to get past the 'Verifying internet connection' page. I tried to update to v188.8.131.5216 (which I don't like for its hideous and less feature-rich design), but that can't get past the 'Loading' screen either. I also tried v184.108.40.206 (or something, just removed it) and for some reason that's the only one that actually gives a proper error message explaining something: "Error verifying security certificate".
- Yes, I did everything in this FAQ (https://secunia.com/products/consumer/PSI/faq/).
- No, I don't run additional traffic blocking software.
- Yes, except for Windows Firewall, but I've specifically allowed traffic for all PSI executables.
- Yes, I let it run for more than a few minutes.
- No, it is not secretly scanning, there's no change in CPU (0%), Disk (0 B/sec) or RAM (7008 kB private) usage.
- Yes, both services (PSI Agent and Update Agent) are currently running and are started automatically.
- Yes, I tried 'sua.exe -i -L', changed nothing.
- I use Windows 7 SP1, x64.
I actually used Wireshark to analyze my traffic. There's a TLS handshake taking place, but right after the server certificate my pc sends a TCP FYN packet to close the TCP connection.
So, a certificate thing. But: both Chrome and Firefox have no trouble with the Secunia certificate when visiting over SSL, Thawte Extended Validation is listed as intermediate CA and Thawte Primate Root is listed as trusted root CA.
1. Why does Secunia PSI fail to set up the SSL connection?
2. How to solve this?
3. Why would one design a software product in such a way that when there's no required TCP connection and its just idling forever, the user is not informed in any way?
(And yes, I cleared the SSL cache and unchecked the internet option to check revocation of server certificates. No avail.)
Kind regards and thanks in advance!
|appelkip||RE: PSI hangs while loading: certificate issue|
|19th Jan, 2014 16:33|
User Since: 19th Jan 2014
System Score: N/A
|Oh oops, I already found the solution. For those who are stuck with the same problem: the Secunia server only supports TLS 1.0. I recently only allowed TLS 1.2, because of the new attacks on TLS 1.0 that were published last year...|
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.