From ff5b321d38c14aa5f7d6680c21045c9dd62e8ef8 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 4 Aug 2021 14:31:42 -0400
Subject: [PATCH] Use all+ in calls to tls_sockets() in 3.0

get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
---
 testssl.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index ebc4687..58b3c40 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -7377,9 +7377,9 @@ get_server_certificate() {
                if ( [[ "$STARTTLS" =~ ldap ]] || [[ "$STARTTLS" =~ irc ]] ); then
                     return 1
                elif [[ "$1" =~ "tls1_3_RSA" ]]; then
-                    tls_sockets "04" "$TLS13_CIPHER" "all" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
+                    tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,10,00,0e,08,04,08,05,08,06,04,01,05,01,06,01,02,01"
                elif [[ "$1" =~ "tls1_3_ECDSA" ]]; then
-                    tls_sockets "04" "$TLS13_CIPHER" "all" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03"
+                    tls_sockets "04" "$TLS13_CIPHER" "all+" "00,12,00,00, 00,05,00,05,01,00,00,00,00, 00,0d,00,0a,00,08,04,03,05,03,06,03,02,03"
                else
                     return 1
                fi