parent
9447c8c866
commit
4639e996db
15
testssl.sh
15
testssl.sh
|
@ -7512,7 +7512,7 @@ tls_time() {
|
|||
|
||||
pr_bold " TLS clock skew" ; out "$spaces"
|
||||
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
|
||||
return 1
|
||||
fi
|
||||
|
@ -7872,7 +7872,7 @@ get_server_certificate() {
|
|||
success=$?
|
||||
else
|
||||
# For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
|
||||
if [[ "$STARTTLS" =~ ldap ]] || [[ "$STARTTLS" =~ irc ]]; then
|
||||
if [[ "$STARTTLS" =~ irc ]]; then
|
||||
return 1
|
||||
elif [[ "$1" =~ tls1_3_RSA ]]; then
|
||||
tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
|
||||
|
@ -15852,7 +15852,7 @@ run_heartbleed(){
|
|||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for heartbleed vulnerability " && outln
|
||||
pr_bold " Heartbleed"; out " ($cve) "
|
||||
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
|
||||
return 1
|
||||
fi
|
||||
|
@ -15962,7 +15962,7 @@ run_ccs_injection(){
|
|||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CCS injection vulnerability " && outln
|
||||
pr_bold " CCS"; out " ($cve) "
|
||||
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
|
||||
return 1
|
||||
fi
|
||||
|
@ -17653,7 +17653,7 @@ run_drown() {
|
|||
cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
|
||||
fi
|
||||
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
|
||||
return 1
|
||||
fi
|
||||
|
@ -18058,7 +18058,7 @@ run_winshock() {
|
|||
outln
|
||||
return 0
|
||||
fi
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
|
||||
return 1
|
||||
fi
|
||||
|
@ -19039,7 +19039,7 @@ run_robot() {
|
|||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability " && outln
|
||||
pr_bold " ROBOT "
|
||||
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
|
||||
prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
|
||||
return 1
|
||||
fi
|
||||
|
@ -21400,7 +21400,6 @@ determine_sizelimitbug() {
|
|||
|
||||
# For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
|
||||
# Fixme: find out whether we can't skip this in general for STARTTLS
|
||||
[[ "$STARTTLS" =~ ldap ]] && return 0
|
||||
[[ "$STARTTLS" =~ irc ]] && return 0
|
||||
|
||||
# Only with TLS 1.2 offered at the server side it is possible to hit this bug, in practice. Thus
|
||||
|
|
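Review bot: The comment above the guard in get_server_certificate() still ends in `(e.g. LDAP)`, and the same comment heads the early returns in determine_sizelimitbug(), although IRC appears to be the only protocol still bypassed (assuming the irc-only conditions are the new side, which the -7/+6 count of the last hunk suggests). I would reword both to `# Bypass for STARTTLS protocols not yet implemented via sockets (currently only IRC), otherwise they wouldn't be usable at all`. In get_server_certificate() the irc branch returns 1 without the `prln_local_problem` message that tls_time() and the run_* functions print, so a skipped handshake is silent there. Because these guards decide whether Heartbleed, CCS, DROWN, ROBOT and winshock are tested at all, it is worth confirming that an LDAP target whose socket STARTTLS handshake fails is reported as not tested rather than as not vulnerable; that path is not visible in these hunks. All of the affected function bodies start and end outside the hunks shown.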