std_cipherlists() and has_server_protocol()
`std_cipherlists()` uses `has_server_protocol()` to determine whether to test for ciphers using SSLv2. However, this was resulting in false negatives due to #759. This PR removes the `has_server_protocol()` check so that SSLv2 is checked whenever the connection attempt with the TLSv1.2 ClientHello failed.
This commit is contained in:
parent
468e96f419
commit
1ee4db4e41
|
@ -2276,7 +2276,7 @@ std_cipherlists() {
|
|||
sclient_success=$?
|
||||
[[ $sclient_success -eq 2 ]] && sclient_success=0
|
||||
fi
|
||||
if [[ $sclient_success -ne 0 ]] && has_server_protocol "ssl2"; then
|
||||
if [[ $sclient_success -ne 0 ]]; then
|
||||
if ( [[ -z "$6" ]] || "$FAST" ) && "$HAS_SSL2" && listciphers "$1" -ssl2; then
|
||||
$OPENSSL s_client -cipher "$1" $BUGS $STARTTLS -connect $NODEIP:$PORT $PROXY -ssl2 2>$ERRFILE >$TMPFILE </dev/null
|
||||
sclient_connect_successful $? $TMPFILE
|
||||
|
|
Loading…
Reference in New Issue