std_cipherlists() and has_server_protocol()

`std_cipherlists()` uses `has_server_protocol()` to determine whether to test for ciphers using SSLv2. However, this was resulting in false negatives due to #759. This PR removes the `has_server_protocol()` check so that SSLv2 is checked whenever the connection attempt with the TLSv1.2 ClientHello failed.
David Cooper 2017-07-25 13:24:29 -04:00 committed by GitHub
parent 468e96f419
commit 1ee4db4e41
1 changed files with 1 additions and 1 deletions


@ -2276,7 +2276,7 @@ std_cipherlists() {
sclient_success=$? sclient_success=$?
[[ $sclient_success -eq 2 ]] && sclient_success=0 [[ $sclient_success -eq 2 ]] && sclient_success=0
fi fi
if [[ $sclient_success -ne 0 ]] && has_server_protocol "ssl2"; then if [[ $sclient_success -ne 0 ]]; then
if ( [[ -z "$6" ]] || "$FAST" ) && "$HAS_SSL2" && listciphers "$1" -ssl2; then if ( [[ -z "$6" ]] || "$FAST" ) && "$HAS_SSL2" && listciphers "$1" -ssl2; then
$OPENSSL s_client -cipher "$1" $BUGS $STARTTLS -connect $NODEIP:$PORT $PROXY -ssl2 2>$ERRFILE >$TMPFILE </dev/null $OPENSSL s_client -cipher "$1" $BUGS $STARTTLS -connect $NODEIP:$PORT $PROXY -ssl2 2>$ERRFILE >$TMPFILE </dev/null
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
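Review bot: The new condition `if [[ $sclient_success -ne 0 ]]; then` has no comment explaining why `has_server_protocol "ssl2"` is deliberately not consulted, so a later cleanup could restore the guard and bring back the SSLv2 false negatives the description attributes to #759. I would add above it: `# Do not gate on has_server_protocol "ssl2" here; it caused false negatives (#759).` The underlying problem in `has_server_protocol()` is not touched by this hunk, so any other caller that relies on it for SSLv2 may still under-report and is worth checking. The body of `std_cipherlists()` starts and ends outside the hunk, so how the result of the SSLv2 probe is handled afterwards cannot be confirmed from here.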