From 9b79e3917a563cd1617c39a118e52d0c7dc330b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emmanuel=20Fust=C3=A9?=
Date: Thu, 11 Jan 2024 18:34:47 +0100
Subject: [PATCH] Bump SSL_RENEG_ATTEMPTS=10 for Stormshield

Stormshield allows 9x and then blocks. So then 10x should be tested. Example: https://ems.ocapiat.fr
---
 testssl.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index c87668c..90a5645 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -232,7 +232,7 @@ fi
 DISPLAY_CIPHERNAMES="openssl" # display OpenSSL ciphername (but both OpenSSL and RFC ciphernames in wide mode)
 declare UA_STD="TLS tester from $SWURL"
 declare -r UA_SNEAKY="Mozilla/5.0 (X11; Linux x86_64; rv:94.0) Gecko/20100101 Firefox/94.0"
-SSL_RENEG_ATTEMPTS=${SSL_RENEG_ATTEMPTS:-6} # number of times to check SSL Renegotiation
+SSL_RENEG_ATTEMPTS=${SSL_RENEG_ATTEMPTS:-10} # number of times to check SSL Renegotiation
 
 ########### Initialization part, further global vars just being declared here
 #
@@ -17067,6 +17067,7 @@ run_renego() {
      # Mitigations (default values) for:
      # - node.js allows 3x R and then blocks. So then 4x should be tested.
      # - F5 BIG-IP ADS allows 5x R and then blocks. So then 6x should be tested.
+     # - Stormshield allows 9x and then blocks. So then 10x should be tested.
      # This way we save a couple seconds as we weeded out the ones which are more robust
      # Amount of times tested before breaking is set in SSL_RENEG_ATTEMPTS.
      if [[ $SERVICE != HTTP ]]; then
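Review bot: Raising the default on the `SSL_RENEG_ATTEMPTS=${SSL_RENEG_ATTEMPTS:-10}` line changes the cost of the renegotiation check for every HTTP target, not only Stormshield: the second hunk's own comment says the small default was chosen to "save a couple seconds" on servers that never block, and every such server now receives four more client-initiated renegotiations per scan. That trade-off belongs next to the value, e.g. `SSL_RENEG_ATTEMPTS=${SSL_RENEG_ATTEMPTS:-10} # number of times to check SSL Renegotiation; 10 covers Stormshield (blocks after 9), override via env for slower or stricter targets`. If the help output or man page still advertises 6 as the default (not visible in this patch), it needs the same update, since the commit only touches the two places shown.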
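Review bot: The added bullet is the only one of the three that drops the `R` shorthand its siblings use; for consistency write `# - Stormshield allows 9x R and then blocks. So then 10x should be tested.`. The rationale two lines below, "This way we save a couple seconds as we weeded out the ones which are more robust", is weakened by a default of 10 and should be reworded to say the default is now sized for the most tolerant appliance seen so far rather than for speed. The loop that consumes SSL_RENEG_ATTEMPTS and the rest of run_renego lie outside this hunk, so whether a device blocking at exactly 10 is still reported correctly cannot be judged from here.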