From ad8684d3243c8a2d078f51138456739473048fc8 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Fri, 14 Mar 2025 14:06:17 -0700
Subject: [PATCH] Fix OpenSSL version check

Before version 3.0.0, OpenSSL versions includes letters (e.g., 1.1.1w). Such version numbers confuse [[ ${OSSL_VER//./} -ge 210 ]]. Since this check is only needed for LibreSSL, this commit adds a conditional so that the check is only performed for LibreSSL.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index a917c47..6ae4580 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -20622,7 +20622,7 @@ find_openssl_binary() {
 OPENSSL_NR_CIPHERS=$(count_ciphers "$(actually_supported_osslciphers 'ALL:COMPLEMENTOFALL' 'ALL')")
 if [[ $OPENSSL_NR_CIPHERS -le 140 ]]; then
- [[ ${OSSL_VER//./} -ge 210 ]] && HAS_DH_BITS=true
+ [[ "$OSSL_NAME" =~ LibreSSL ]] && [[ ${OSSL_VER//./} -ge 210 ]] && HAS_DH_BITS=true
 if "$SSL_NATIVE"; then
 outln
 pr_warning "LibreSSL/OpenSSL in native ssl mode with poor cipher support is not a good choice for testing INSECURE features!"
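Review bot: On the added line, `[[ ${OSSL_VER//./} -ge 210 ]]` is still an arithmetic comparison on an unvalidated string, so the new `OSSL_NAME` guard fixes the OpenSSL letter case but not a LibreSSL version string that is empty or carries a non-digit suffix; bash evaluates `-ge` operands inside `[[ ]]` as arithmetic expressions rather than as text. A digits-only check before the comparison would make the test fail closed: `[[ "$OSSL_NAME" =~ LibreSSL ]] && [[ ${OSSL_VER//./} =~ ^[0-9]+$ ]] && [[ ${OSSL_VER//./} -ge 210 ]] && HAS_DH_BITS=true`. Stripping the dots also does not order versions correctly in general (a hypothetical 2.0.10 becomes 2010 and passes), which may be acceptable for released LibreSSL numbers but deserves a comment. `OSSL_NAME` and `OSSL_VER` are assigned outside this hunk, and the body of `find_openssl_binary` continues past it, so how they are derived from the binary's output should be confirmed there.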