Merge pull request #2892 from testssl/lucky_phrasing_3.2

Lucky13: improve phrasing for 3.2
2025-12-19 13:32:05 +01:00 · 2025-09-18 10:24:53 +02:00
parent 13c7977c7c ae5033a3c7
commit 71f60a1317
2 changed files with 3 additions and 3 deletions
--- a/testssl.sh
+++ b/testssl.sh
@@ -19608,8 +19608,8 @@ run_lucky13() {
     fi
     if [[ $sclient_success -eq 0 ]]; then
          out "potentially "
-          pr_svrty_low "VULNERABLE"; out ", uses cipher block chaining (CBC) ciphers with TLS. Check patches"
-          fileout "$jsonID" "LOW" "potentially vulnerable, uses TLS CBC ciphers" "$cve" "$cwe" "$hint"
+          pr_svrty_low "VULNERABLE"; out ", uses obsolete cipher block chaining ciphers with TLS, see server prefs."
+          fileout "$jsonID" "LOW" "potentially vulnerable, uses obsolete TLS CBC ciphers" "$cve" "$cwe" "$hint"
          # the CBC padding which led to timing differences during MAC processing has been solved in openssl (https://www.openssl.org/news/secadv/20130205.txt)
          # and other software. However we can't tell with reasonable effort from the outside. Thus we still issue a warning and label it experimental
     else