Update
This commit addresses TLSv1.3 servers that do not support session tickets but that support session resumption by ID, but only with TLSv1.2 or earlier.
parent
0fe60e82a8
commit
644d7c839e
13
testssl.sh
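--- a/testssl.sh
+++ b/testssl.sh
@@ -6068,10 +6068,21 @@ sub_session_resumption() {
 fi
 fi
 "$CLIENT_AUTH" && return 3
+if "$HAS_NO_SSL2"; then
+addcmd+=" -no_ssl2"
+else
 protocol=${protocol/\./_}
 protocol=${protocol/v/}
 protocol="-$(tolower $protocol)"
-"$HAS_NO_SSL2" && addcmd+=" -no_ssl2" || addcmd+=" $protocol"
+# In some cases a server will not support session tickets, but will support session resumption
+# by ID. In such a case, it may be more likely to support session resumption with TLSv1.2 than
+# with TLSv1.3. So, if testing a server that does not support session tickets and that supports
+# both TLSv1.3 and TLSv1.2 for session resumption by ID, then use a TLSv1.2 ClientHello. (Note that
+# the line below assumes that if $protocol is -tls1_3, then the server either supports TLSv1.2 or
+# is TLSv1.3-only.
+! "$TLS_TICKETS" && "$byID" && [[ $(has_server_protocol "tls1_2") -eq 0 ]] && protocol="-tls1_2"
+addcmd+=" $protocol"
+fi
 
 $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI $addcmd -sess_out $sess_data") </dev/null &>/dev/null
 ret1=$?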
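Review bot: The added guard `[[ $(has_server_protocol "tls1_2") -eq 0 ]]` tests the function's stdout rather than its exit status. has_server_protocol is defined outside this hunk; if it reports support only through its return code, the substitution is empty, `[[ "" -eq 0 ]]` evaluates true, and the TLSv1.2 override fires for every server without session tickets, including TLSv1.3-only ones. In that case the resumption-by-ID check would be run with a protocol the server does not accept and could report a wrong result. Testing the status directly avoids this: `! "$TLS_TICKETS" && "$byID" && has_server_protocol "tls1_2" && protocol="-tls1_2"`. sub_session_resumption starts and ends outside the hunk.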