Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix s_client_options()

Browse Source 
This commit fixes an error in s_client_options() when the function is called with an empty "-cipher" list and $OPENSSL supports "@SECLEVEL". This happens, for example, when ciphers_by_strength() is called for TLS 1.3.

The call to `openssl s_client` will fail is the cipher option is provided with an empty list or a list that just contains "@SECLEVEL=0". So, "@SECLEVEL=0" should only be added if the "$ciphers" list is non-empty. If "$ciphers" remains empty, then the "-cipher" option will not be added to the command line.
This commit is contained in:
David Cooper 2021-10-25 12:15:13 -04:00
parent e36cfffb2c
commit 00fb68f47c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@ -2197,7 +2197,7 @@ s_client_options() {
if "$HAS_SECLEVEL"; then
if [[ "$ciphers" == notpresent ]]; then
[[ ! " $options " =~ \ -tls1_3\ ]] && ciphers="@SECLEVEL=0:ALL:COMPLEMENTOFALL"
else
elif [[ -n "$ciphers" ]]; then
ciphers="@SECLEVEL=0:$ciphers"
fi
fi