From 9b3ab29550f8386ac7de812d3a00878266311d3d Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Thu, 3 Oct 2019 16:18:51 -0400
Subject: [PATCH] Modify check for TLS13_ONLY

In a PR that I'm developing to to use the results of determine_optimal_sockets_params() in run_protocols() I add specific versions of TLS 1.3 to PROTOS_OFFERED (e.g., tls1_3_rfc8446, tsl1_3_draft28). If that PR is accepted, then the current check for TLS 1.3-only will no longer work. So, this commit changes the way that the check for TLS 1.3-only is performed in order to avoid problems if the other PR is merged.
---
 testssl.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index f5ea0c4..dc71909 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17981,7 +17981,11 @@ determine_optimal_proto() {
 debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO"
 fi
 [[ "$optimal_proto" != -ssl2 ]] && ! "$all_failed" && grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190
- [[ "$(has_server_protocol "tls1_3")" -eq 0 ]] && [[ ! "${PROTOS_OFFERED//tls1_3:yes /}" =~ yes ]] && TLS13_ONLY=true
+ if [[ "$(has_server_protocol "tls1_3")" -eq 0 ]] && [[ "$(has_server_protocol "tls1_2")" -ne 0 ]] &&
+ [[ "$(has_server_protocol "tls1_1")" -ne 0 ]] && [[ "$(has_server_protocol "tls1")" -ne 0 ]] &&
+ [[ "$(has_server_protocol "ssl3")" -ne 0 ]]; then
+ TLS13_ONLY=true
+ fi
 if [[ "$optimal_proto" == -ssl2 ]]; then
 prln_magenta "$NODEIP:$PORT appears to only support SSLv2."
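Review bot: All five tests in the new `if` compare the captured stdout of `has_server_protocol` (for example `"$(has_server_protocol "tls1_2")" -ne 0`), not its exit status. If the helper reports through its return code and prints nothing (its body is not in this hunk), each substitution is an empty string, which `[[ … -eq 0 ]]` evaluates as 0 and `[[ … -ne 0 ]]` as false, so `TLS13_ONLY` would never be set and a TLS 1.3-only server would go undetected. Testing the status directly avoids that: `if has_server_protocol "tls1_3" && ! has_server_protocol "tls1_2" && ! has_server_protocol "tls1_1" && ! has_server_protocol "tls1" && ! has_server_protocol "ssl3"; then`. A short comment should also say whether a "not yet tested" result is meant to count as "not offered" here, since any non-zero value is treated the same way. `determine_optimal_proto` begins and ends outside the hunk.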