diff --git a/testssl.sh b/testssl.sh index 7bced0d..ae7d5b3 100755 --- a/testssl.sh +++ b/testssl.sh @@ -17107,13 +17107,14 @@ run_renego() { else # Clear the log to not get the content of previous run before the execution of the new one. echo -n > $TMPFILE - touch $TEMPDIR/not_killed + #RENEGOTIATING wait loop watchdog file + touch $TEMPDIR/allowed_to_loop # If we dont wait for the session to be established on slow server, we will try to re-negotiate # too early losing all the attempts before the session establishment as OpenSSL will not buffer them # (only the first will be till the establishement of the session). (j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; j=$(($j+1)); done; \ for ((i=0; i < $ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; j=0; \ - while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/not_killed ]] && [[ $k -lt 180 ]]; \ + while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] && [[ $k -lt 180 ]]; \ do sleep $ssl_reneg_wait; k=$(($k+1)); done; \ done) | \ $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE & @@ -17125,11 +17126,12 @@ run_renego() { tmp_result=$? pkill -HUP -P $watcher wait $watcher + rm -f $TEMPDIR/allowed_to_loop # If we are here, we have done two successful renegotiation (-2) and do the loop loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE )-2)) if [[ -f $TEMPDIR/was_killed ]]; then tmp_result=2 - rm -f $TEMPDIR/not_killed + rm -f $TEMPDIR/was_killed fi case $tmp_result in 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"