diff --git a/testssl.sh b/testssl.sh
index 3f4cb69..43edd4e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -7512,7 +7512,7 @@ tls_time() {
 pr_bold " TLS clock skew" ; out "$spaces"
- if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+ if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
 prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
 return 1
 fi
@@ -7872,7 +7872,7 @@ get_server_certificate() {
 success=$?
 else
 # For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
- if [[ "$STARTTLS" =~ ldap ]] || [[ "$STARTTLS" =~ irc ]]; then
+ if [[ "$STARTTLS" =~ irc ]]; then
 return 1
 elif [[ "$1" =~ tls1_3_RSA ]]; then
 tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
@@ -15852,7 +15852,7 @@ run_heartbleed(){
 [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for heartbleed vulnerability " && outln
 pr_bold " Heartbleed"; out " ($cve) "
- if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+ if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
 prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
 return 1
 fi
@@ -15962,7 +15962,7 @@ run_ccs_injection(){
 [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CCS injection vulnerability " && outln
 pr_bold " CCS"; out " ($cve) "
- if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+ if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
 prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
 return 1
 fi
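Review bot: The context comment directly above the changed condition in get_server_certificate() still ends with `(e.g. LDAP)`, although LDAP no longer takes this bypass after the change. The same stale wording is left above the remaining `irc` check in the determine_sizelimitbug() hunk. I would reword both along the lines of `# Bypass for STARTTLS protocols not yet implemented via sockets (currently only IRC), otherwise they won't be usable at all`. Both functions start and end outside their hunks, so any further LDAP references in them are not visible here.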
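Review bot: With the `ldap` arm removed from the guard in run_heartbleed(), LDAP STARTTLS targets no longer stop at `prln_local_problem` and instead fall through to the check itself; the same applies to the run_ccs_injection(), run_drown(), run_winshock() and run_robot() hunks. The socket-level LDAP STARTTLS negotiation these checks now rely on is not part of this diff, so please confirm that a refused or failed STARTTLS upgrade is reported as a test problem and never as "not vulnerable". For a scanner, a silent false negative is worse than the explicit skip that was removed. A one-line comment at the guard, e.g. `# LDAP STARTTLS is handled via sockets; only IRC still needs this bypass`, would record why IRC is the sole remaining exception. The function bodies continue outside the hunks.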
@@ -17653,7 +17653,7 @@ run_drown() {
 cert_fingerprint_sha2=${cert_fingerprint_sha2/SHA256 /}
 fi
- if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+ if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
 prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
 return 1
 fi
@@ -18058,7 +18058,7 @@ run_winshock() {
 outln
 return 0
 fi
- if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+ if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
 prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
 return 1
 fi
@@ -19039,7 +19039,7 @@ run_robot() {
 [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Return of Bleichenbacher's Oracle Threat (ROBOT) vulnerability " && outln
 pr_bold " ROBOT "
- if [[ "$STARTTLS_PROTOCOL" =~ ldap ]] || [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
+ if [[ "$STARTTLS_PROTOCOL" =~ irc ]]; then
 prln_local_problem "STARTTLS/$STARTTLS_PROTOCOL and --ssl-native collide here"
 return 1
 fi
@@ -21400,7 +21400,6 @@ determine_sizelimitbug() {
 # For STARTTLS protocols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP)
 # Fixme: find out whether we can't skip this in general for STARTTLS
- [[ "$STARTTLS" =~ ldap ]] && return 0
 [[ "$STARTTLS" =~ irc ]] && return 0
 # Only with TLS 1.2 offered at the server side it is possible to hit this bug, in practice. Thus