mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-22 08:29:31 +01:00
Merge pull request #1349 from drwetter/add_1336
Remove double TLS13 only handling
commit
764466d710
30
testssl.sh
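--- a/testssl.sh
+++ b/testssl.sh
@@ -5468,34 +5468,6 @@ run_protocols() {
 [[ $? -ne 0 ]] && exit $ERR_CLUELESS
 fi
 
-if [[ "$(has_server_protocol "tls1_3")" -eq 0 ]]; then
-if [[ "$(has_server_protocol "tls1_2")" -ne 0 ]] && [[ "$(has_server_protocol "tls1_1")" -ne 0 ]] &&
-[[ "$(has_server_protocol "tls1")" -ne 0 ]] && [[ "$(has_server_protocol "ssl3")" -ne 0 ]]; then
-TLS13_ONLY=true
-if ! "$HAS_TLS13"; then
-pr_magenta " $NODE:$PORT appears to support TLS 1.3 ONLY. You better use --openssl=<path_to_openssl_supporting_TLS_1.3>"
-if [[ -x /usr/bin/openssl ]] && /usr/bin/openssl s_client -tls1_3 -connect x 2>&1 | grep -aq "unknown option"; then
-outln
-ignore_no_or_lame " Type \"yes\" to proceed and accept all scan problems" "yes"
-MAX_OSSL_FAIL=10
-else
-if "$OSSL_SHORTCUT"; then
-# dirty hack but an idea for the future to be implemented upfront: Now we know, we'll better off
-# with the OS supplied openssl binary. We need to inittialize variables / arrays again though.
-# And the service detection can't be made up for now
-outln ", proceeding with /usr/bin/openssl"
-OPENSSL=/usr/bin/openssl
-find_openssl_binary
-prepare_arrays
-else
-outln
-ignore_no_or_lame " Type \"yes\" to proceed and accept all scan problems" "yes"
-MAX_OSSL_FAIL=10
-fi
-fi
-fi
-fi
-fi
 return $ret
 }
 
@@ -18041,7 +18013,7 @@ determine_optimal_proto() {
 # dirty hack but an idea for the future to be implemented upfront: Now we know, we'll better off
 # with the OS supplied openssl binary. We need to inittialize variables / arrays again though.
 # And the service detection can't be made up for now
-outln ", proceeding with /usr/bin/openssl"
+outln ", \n proceeding with /usr/bin/openssl"
 OPENSSL=/usr/bin/openssl
 find_openssl_binary
 prepare_arrays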
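Review bot: In the determine_optimal_proto hunk, `OPENSSL=/usr/bin/openssl` is followed by `find_openssl_binary` and `prepare_arrays` with no status check in the visible lines, so unless find_openssl_binary aborts on its own, a failed re-initialisation would let the scan continue on half-reset state; `find_openssl_binary || exit $ERR_CLUELESS` would make that explicit. The copy removed from run_protocols reached this same switch through the `else` of `[[ -x /usr/bin/openssl ]] && … | grep -aq "unknown option"`, a branch that is also taken when /usr/bin/openssl is not executable; if the surviving guard (outside this hunk, as are the function's start and end) has the same shape, test `-x` on its own before the assignment. A comment above the assignment such as `# all later openssl-based checks use the OS binary, not the one selected at startup` would tell whoever reads a report which binary produced the findings.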