Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixed whitespaces/tabs

Browse Source
This commit is contained in:
tosticated 2020-10-20 13:03:30 +02:00
parent a252eeb11d
commit 3e2d1b943d
1 changed files with 7 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
testssl.sh
View File

@ -16076,23 +16076,22 @@ run_renego() {
fi fi
case "$sec_client_renego" in case "$sec_client_renego" in
0) # We try again if server is HTTP. This could be either a node.js server or something else. 0) # We try again if server is HTTP. This could be either a node.js server or something else.
# Mitigations (default values) for: # Mitigations (default values) for:
# - node.js allows 3x R and then blocks. So then 4x should be tested. # - node.js allows 3x R and then blocks. So then 4x should be tested.
# - F5 BIG-IP ADS allows 5x R and then blocks. So then 6x should be tested. # - F5 BIG-IP ADS allows 5x R and then blocks. So then 6x should be tested.
# This way we save a couple seconds as we weeded out the ones which are more robust # This way we save a couple seconds as we weeded out the ones which are more robust
# Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS. # Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS.
if [[ $SERVICE != HTTP ]]; then if [[ $SERVICE != HTTP ]]; then
pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat" pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint" fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
else else
(for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep 1; done) | \ (for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep 1; done) | \
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
case $? in case $? in
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)" 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint" fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
;; ;;
1) pr_svrty_good "not vulnerable (OK)" 1) pr_svrty_good "not vulnerable (OK)"; outln " -- mitigated (disconnect within $ssl_reneg_attempts)"
outln " -- mitigated (disconnect within $ssl_reneg_attempts)"
fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
;; ;;
*) prln_warning "FIXME (bug): $sec_client_renego ($ssl_reneg_attempts tries)" *) prln_warning "FIXME (bug): $sec_client_renego ($ssl_reneg_attempts tries)"