From a0b2fb5d569c371452afe50bad1208a3383038cd Mon Sep 17 00:00:00 2001 From: David Cooper Date: Wed, 18 Dec 2019 10:17:55 -0500 Subject: [PATCH] Minor tweak to run_tls_fallback_scsv() Don't report "OK" if the server may be TLS 1.3-only or SSLv3-only, as one is very good and one is very bad. --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index c284a10..fdcd948 100755 --- a/testssl.sh +++ b/testssl.sh @@ -14833,7 +14833,7 @@ run_tls_fallback_scsv() { # This could be a TLS 1.3 only server, an SSLv3 only server (if SSLv3 support cannot be tested), # or a server that does not support SSLv3 or any TLS protocol. So, don't report a severity, # since this could either be good or bad. - outln "No fallback possible, TLS 1.2, TLS 1.1, and TLS 1 not supported (OK)" + outln "No fallback possible, TLS 1.2, TLS 1.1, and TLS 1 not supported" fileout "$jsonID" "INFO" "TLS 1.2, TLS 1.1, and TLS 1 not supported" fi return 0