From fc1206cfea599b3087f170a12f79a969e8f3e482 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Fri, 9 Aug 2019 19:44:03 +0200 Subject: [PATCH] Add CVE for Secure Client-Initiated Renegotiation vulnerability --- testssl.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/testssl.sh b/testssl.sh index a03aecb..0093a8f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -14100,6 +14100,7 @@ run_renego() { pr_bold " Secure Client-Initiated Renegotiation " jsonID="secure_client_renego" + cve="CVE-2011-1473" # see: https://blog.qualys.com/ssllabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks # http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html -- head/get doesn't seem to be needed though # https://archive.fo/20130415224936/http://www.thc.org/thc-ssl-dos/, https://vincent.bernat.ch/en/blog/2011-ssl-dos-mitigation