From 4ce91d7d6175e16e73f3ba3f8cf58c9c6079164c Mon Sep 17 00:00:00 2001
From: Dirk Wetter
Date: Sun, 8 Sep 2024 12:27:51 +0200
Subject: [PATCH] Explain OSSL_SHORTCUT better, "automagically" is the word we wanted to use
---
 testssl.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 06115b5..a1b4021 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -246,7 +246,7 @@ TLS_DATA_FILE="" # mandatory file for socket-based handsh
 OPENSSL="" # ~/bin/openssl.$(uname).$(uname -m) if you run this from GitHub. Linux otherwise probably /usr/bin/openssl
 OPENSSL2=${OPENSSL2:-/usr/bin/openssl} # This will be openssl version >=1.1.1 (auto determined) as opposed to openssl-bad (OPENSSL)
 OPENSSL2_HAS_TLS_1_3=false # If we run with supplied binary AND $OPENSSL2 supports TLS 1.3 this will be set to true
-OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # Hack: if during the scan turns out the OpenSSL binary supports TLS 1.3 would be a better choice
+OSSL_SHORTCUT=${OSSL_SHORTCUT:-true} # If you don't want automagically switch from $OPENSSL to $OPENSSL2 for TLS 1.3 hosts, set this to false
 OPENSSL_LOCATION=""
 IKNOW_FNAME=false
 FIRST_FINDING=true # is this the first finding we are outputting to file?
@@ -22039,8 +22039,8 @@ determine_optimal_proto() {
 if "$OPENSSL2_HAS_TLS_1_3"; then
 if "$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]; then
 # switch w/o asking
- OPEN_MSG=" $NODE:$PORT appeared to support TLS 1.3 ONLY. Thus switched implicitly from\n \"$OPENSSL\" to \"$OPENSSL2\"."
- fileout "$jsonID" "INFO" "$NODE:$PORT appears to support TLS 1.3 ONLY, switching from $OPENSSL to $OPENSSL2 was implicitly enforced"
+ OPEN_MSG=" $NODE:$PORT appeared to support TLS 1.3 ONLY. Thus switched automagically from\n \"$OPENSSL\" to \"$OPENSSL2\"."
+ fileout "$jsonID" "INFO" "$NODE:$PORT appears to support TLS 1.3 ONLY, switching from $OPENSSL to $OPENSSL2 automagically"
 OPENSSL="$OPENSSL2"
 find_openssl_binary
 prepare_arrays
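Review bot: The new comment on `OSSL_SHORTCUT` promises that setting it to false prevents the switch to `$OPENSSL2`, but the condition visible in the second hunk is `"$OSSL_SHORTCUT" || [[ "$WARNINGS" == batch ]]`, so in batch mode the switch still happens without asking. Which binary ran the checks affects how reproducible a scan result is, so the comment should state that exception; it is also missing a "to". Something like `# Set to false to keep $OPENSSL instead of switching automagically to $OPENSSL2 for TLS 1.3-only hosts (batch mode switches regardless)` would cover both. The value is taken from the environment and later expanded as the command word of that `if`, so it would help to say that only `true` and `false` are meaningful values.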
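Review bot: The `fileout` finding records that the binary changed but not what triggered it, and this branch is reached either through `OSSL_SHORTCUT` or through `WARNINGS` being `batch`. Someone reading the output file later cannot tell which setting caused the remaining checks to run with `$OPENSSL2`. Consider `fileout "$jsonID" "INFO" "$NODE:$PORT appears to support TLS 1.3 ONLY, switched automatically from $OPENSSL to $OPENSSL2 (OSSL_SHORTCUT=$OSSL_SHORTCUT, WARNINGS=$WARNINGS)"`, which also avoids the informal "automagically" in a recorded finding. `OPEN_MSG` says "appeared" while the finding says "appears"; one tense for both would read better. The body of `determine_optimal_proto` starts and ends outside this hunk, so the non-switching branch was not reviewed.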