Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-17 09:22:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rephrase Lucky13 finding for 3.2

Browse Source 
see also #2537 .
This commit is contained in:
Dirk Wetter
2025-09-16 14:11:39 +02:00
parent 559c089c39
commit 892e95a6ca
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -19608,8 +19608,8 @@ run_lucky13() {
fi
if [[ $sclient_success -eq 0 ]]; then
out "potentially "
pr_svrty_low "VULNERABLE"; out ", uses cipher block chaining (CBC) ciphers with TLS. Check patches"
fileout "$jsonID" "LOW" "potentially vulnerable, uses TLS CBC ciphers" "$cve" "$cwe" "$hint"
pr_svrty_low "VULNERABLE"; out ", uses obsolete cipher block chaining ciphers with TLS, see server prefs."
fileout "$jsonID" "LOW" "potentially vulnerable, uses obsolete TLS CBC ciphers" "$cve" "$cwe" "$hint"
# the CBC padding which led to timing differences during MAC processing has been solved in openssl (https://www.openssl.org/news/secadv/20130205.txt)
# and other software. However we can't tell with reasonable effort from the outside. Thus we still issue a warning and label it experimental
else