Minor tweak to run_tls_fallback_scsv()

If the server is known not to support TLS 1.3 (as well as TLS 1.2, TLS 1.1, and TLS 1), then mention TLS 1.3 in the list of not supported protocols. While lack of TLS 1.3 support is not part of the reason that no fallback is possible, it is part of the reason that the result is reported as prln_svrty_high.
David Cooper 2019-12-18 10:22:14 -05:00
parent a0b2fb5d56
commit 7c1b8139b2


@ -14826,8 +14826,8 @@ run_tls_fallback_scsv() {
# If the server does not support TLS 1.3, TLS 1.2, TLS 1.1, or TLS 1, and # If the server does not support TLS 1.3, TLS 1.2, TLS 1.1, or TLS 1, and
# support for SSLv3 cannot be tested, then treat it as HIGH severity, since # support for SSLv3 cannot be tested, then treat it as HIGH severity, since
# it is very likely that SSLv3 is the only supported protocol. # it is very likely that SSLv3 is the only supported protocol.
prln_svrty_high "No fallback possible, TLS 1.2, TLS 1.1, and TLS 1 not supported" prln_svrty_high "No fallback possible, TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1 not supported"
fileout "$jsonID" "HIGH" "TLS 1.2, TLS 1.1, and TLS 1 not supported" fileout "$jsonID" "HIGH" "TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1 not supported"
else else
# TLS 1.2, TLS 1.1, and TLS 1 are not supported, but can't tell whether TLS 1.3 is supported. # TLS 1.2, TLS 1.1, and TLS 1 are not supported, but can't tell whether TLS 1.3 is supported.
# This could be a TLS 1.3 only server, an SSLv3 only server (if SSLv3 support cannot be tested), # This could be a TLS 1.3 only server, an SSLv3 only server (if SSLv3 support cannot be tested),
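Review bot: The `fileout` line in this hunk records "TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1 not supported" without the "No fallback possible" prefix that the `prln_svrty_high` line prints, so the file output for this HIGH finding does not say it comes from the fallback check; consider using the same wording in both calls. Separately, the new screen text "No fallback possible, TLS 1.3, TLS 1.2, TLS 1.1, and TLS 1 not supported" reads as if missing TLS 1.3 were a cause of the missing fallback, which the commit message says it is not. Splitting the reason for the HIGH rating from the fallback statement, or extending the comment above the `prln_svrty_high` call to say that TLS 1.3 is listed only to explain the severity, would keep that distinction visible to whoever reads the output or the code later.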