Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-31 22:09:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added SNI to openssl call for testing secure renegotiation

Browse Source
This commit is contained in:
mum-viadee 2023-05-12 13:53:54 +02:00
parent aa5235e658
commit 04f7b34028
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -16896,7 +16896,7 @@ run_renego() {
local hint=""
local jsonID=""
local ssl_reneg_attempts=$SSL_RENEG_ATTEMPTS
# No SNI needed here as there won't be two different SSL stacks for one IP
# SNI is needed here as openssl return an error if missing
"$HAS_TLS13" && [[ -z "$proto" ]] && proto="-no_tls1_3"
@ -16913,7 +16913,7 @@ run_renego() {
fileout "$jsonID" "OK" "TLS 1.3 only server" "$cve" "$cwe"
else
# first fingerprint for the Line "Secure Renegotiation IS NOT" or "Secure Renegotiation IS "
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
$OPENSSL s_client $(s_client_options "$proto $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") 2>&1 </dev/null >$TMPFILE 2>$ERRFILE
if sclient_connect_successful $? $TMPFILE; then
grep -iaq "Secure Renegotiation IS NOT" $TMPFILE
sec_renego=$? # 0= Secure Renegotiation IS NOT supported