From ae8a056afe2a1129e02cf5dd0c9115d1d72c158a Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Mon, 4 May 2020 14:29:13 -0400
Subject: [PATCH] Check server's response

There is code at the beginning of parse_tls_serverhello() that checks whether the server's response appears to consist of a sequence of messages of the form . However, at the moment the check is only performed if "$do_starttls" is false. This commit changes parse_tls_serverhello() so that the check is always performed.
---
 testssl.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index ba67b8e..ccbe7a6 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -12793,7 +12793,8 @@ parse_tls_serverhello() {
 [[ $DEBUG -ge 1 ]] && tmpfile_handle ${FUNCNAME[0]}.txt
 return 3
 fi
- elif [[ $tls_content_type != 14 ]] && [[ $tls_content_type != 15 ]] && \
+ fi
+ if [[ $tls_content_type != 14 ]] && [[ $tls_content_type != 15 ]] && \
 [[ $tls_content_type != 16 ]] && [[ $tls_content_type != 17 ]]; then
 debugme tmln_warning "Content type other than alert, handshake, change cipher spec, or application data detected."
 [[ $DEBUG -ge 1 ]] && tmpfile_handle ${FUNCNAME[0]}.txt
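Review bot: The content-type guard that becomes unconditional here (`if [[ $tls_content_type != 14 ]] && ...`) has no comment saying that it validates untrusted server bytes on both the direct and the STARTTLS path, so a later edit could easily fold it back into a branch. I would add above the new `if`: `# Always reject records whose content type is not 0x14-0x17 (CCS, alert, handshake, application data), STARTTLS included`. The mismatch is reported only through `debugme`, so at the default debug level the rejection is presumably silent; whether the caller surfaces the failure cannot be seen from this hunk. The enclosing if-block and parse_tls_serverhello() itself start and end outside the hunk.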