Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-29 04:49:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix "off by one" error in HSTS

Browse Source 
There was by mistake a 179 days threshold and also the error message
was wrong when HSTS was exactly set to 179 days.

This commit sets it to 180 days and corrects the error messages on
both screen and JSON.
This commit is contained in:
Dirk Wetter 2021-05-08 14:45:38 +02:00
parent 37a6b905a5
commit 9121c7a3c9
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
testssl.sh
View File

@ -208,7 +208,7 @@ STARTTLS_SLEEP=${STARTTLS_SLEEP:-10} # max time wait on a socket for STARTTLS
FAST_STARTTLS=${FAST_STARTTLS:-true} # at the cost of reliability decrease the handshakes for STARTTLS
USLEEP_SND=${USLEEP_SND:-0.1} # sleep time for general socket send
USLEEP_REC=${USLEEP_REC:-0.2} # sleep time for general socket receive
HSTS_MIN=${HSTS_MIN:-179} # >179 days is ok for HSTS
HSTS_MIN=${HSTS_MIN:-180} # >=180 days is ok for HSTS
HSTS_MIN=$((HSTS_MIN * 86400)) # correct to seconds
HPKP_MIN=${HPKP_MIN:-30} # >=30 days should be ok for HPKP_MIN, practical hints?
HPKP_MIN=$((HPKP_MIN * 86400)) # correct to seconds
@ -2619,12 +2619,12 @@ run_hsts() {
pr_svrty_low "HSTS max-age is set to 0. HSTS is disabled"
fileout "${jsonID}_time" "LOW" "0. HSTS is disabled"
set_grade_cap "A" "HSTS is disabled"
elif [[ $hsts_age_sec -gt $HSTS_MIN ]]; then
elif [[ $hsts_age_sec -ge $HSTS_MIN ]]; then
pr_svrty_good "$hsts_age_days days" ; out "=$hsts_age_sec s"
fileout "${jsonID}_time" "OK" "$hsts_age_days days (=$hsts_age_sec seconds) > $HSTS_MIN seconds"
else
pr_svrty_medium "$hsts_age_sec s = $hsts_age_days days is too short ( > $HSTS_MIN seconds recommended)"
fileout "${jsonID}_time" "MEDIUM" "max-age too short. $hsts_age_days days (=$hsts_age_sec seconds) <= $HSTS_MIN seconds"
pr_svrty_medium "$hsts_age_sec s = $hsts_age_days days is too short ( >= $HSTS_MIN seconds recommended)"
fileout "${jsonID}_time" "MEDIUM" "max-age too short. $hsts_age_days days (=$hsts_age_sec seconds) < $HSTS_MIN seconds"
set_grade_cap "A" "HSTS max-age is too short"
fi
if includeSubDomains "$TMPFILE"; then