diff --git a/doc/testssl.1 b/doc/testssl.1
index 1095a42..c99f966 100644
--- a/doc/testssl.1
+++ b/doc/testssl.1
@@ -192,7 +192,7 @@ Any single check switch supplied as an argument prevents testssl\.sh from doing
.IP "" 0
.
.P
-\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (18\-23) and TLS 1\.3 final are suuported\.
+\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (18\-23) and TLS 1\.3 final are supported\.
.
.P
\fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there\'s a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there\'s not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)
diff --git a/doc/testssl.1.html b/doc/testssl.1.html
index 254bcdd..7396cfe 100644
--- a/doc/testssl.1.html
+++ b/doc/testssl.1.html
@@ -223,7 +223,7 @@ host.example.com:631
--p, --protocols checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are suuported.
+-p, --protocols checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are supported.
-P, --preference displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)
diff --git a/doc/testssl.1.md b/doc/testssl.1.md
index b1b64ca..ef8e3a1 100644
--- a/doc/testssl.1.md
+++ b/doc/testssl.1.md
@@ -145,7 +145,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
* `Strong grade Ciphers` (AEAD): 'AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM'
-`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are suuported.
+`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are supported.
`-P, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)
diff --git a/testssl.sh b/testssl.sh
index 3b693ef..0ea49f2 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -116,7 +116,7 @@ egrep -q "dev|rc" <<< "$VERSION" && \
readonly PROG_NAME="$(basename "$0")"
readonly RUN_DIR="$(dirname "$0")"
-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it neccessary file automagically set TESTSSL_INSTALL_DIR
+TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your stores some place else
ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES:-""}" # single file with a CA in PEM format or comma separated lists of them
CIPHERS_BY_STRENGTH_FILE=""
@@ -253,7 +253,7 @@ JSONHEADER=true # include JSON headers and footers in HT
CSVHEADER=true # same for CSV
HTMLHEADER=true # same for HTML
SECTION_FOOTER_NEEDED=false # kludge for tracking whether we need to close the JSON section object
-GIVE_HINTS=false # give an addtional info to findings
+GIVE_HINTS=false # give an additional info to findings
SERVER_SIZE_LIMIT_BUG=false # Some servers have either a ClientHello total size limit or a 128 cipher limit (e.g. old ASAs)
CHILD_MASS_TESTING=${CHILD_MASS_TESTING:-false}
HAD_SLEPT=0
@@ -588,7 +588,7 @@ pr_boldurl() { tm_bold "$1"; html_out "/dev/null
ret1=$?
if "$byID" && [[ $OSSL_VER_MINOR == "1.1" ]] && [[ $OSSL_VER_MAJOR == "1" ]] && [[ ! -s "$sess_data" ]]; then
- # it seems OpenSSL indicates no Session ID resumption by just not generating ouput
+ # it seems OpenSSL indicates no Session ID resumption by just not generating output
debugme echo -n "No session resumption byID (empty file)"
ret=2
else
@@ -6155,7 +6155,7 @@ tls_time() {
return 0
}
-# core function determining whether handshake succeded or not
+# core function determining whether handshake succeeded or not
# arg1: return value of "openssl s_client connect"
# arg2: temporary file with the server hello
# returns 0 if connect was successful, 1 if not
@@ -6429,7 +6429,7 @@ get_server_certificate() {
get_cn_from_cert() {
local subject
- # attention! openssl 1.0.2 doesn't properly handle online output from certifcates from trustwave.com/github.com
+ # attention! openssl 1.0.2 doesn't properly handle online output from certificates from trustwave.com/github.com
#FIXME: use -nameopt oid for robustness
# for e.g. russian sites -esc_msb,utf8 works in an UTF8 terminal -- any way to check platform indepedent?
@@ -8219,7 +8219,7 @@ alpn_pre(){
return 0
}
-# modern browsers do not support it anymore but we shoud still test it at least for fingerprinting the server side
+# modern browsers do not support it anymore but we should still test it at least for fingerprinting the server side
# Thus we don't label any support for NPN as good.
# FAST mode skips this test
run_npn() {
@@ -8879,7 +8879,7 @@ get_dh_ephemeralkey() {
fi
dh_param="30${len1}${dh_p}${dh_g}"
- # Make a SEQUENCE of the paramters SEQUENCE and the OID
+ # Make a SEQUENCE of the parameters SEQUENCE and the OID
dh_param_len=22+${#dh_param}
if [[ $dh_param_len -lt 256 ]]; then
len1="$(printf "%02x" $((dh_param_len/2)))"
@@ -9879,7 +9879,7 @@ parse_tls_serverhello() {
# Client messages, including handshake messages, are carried by the record layer.
# First, extract the handshake and alert messages.
# see http://en.wikipedia.org/wiki/Transport_Layer_Security-SSL#TLS_record
- # byte 0: content type: 0x14=CCS, 0x15=TLS alert x16=Handshake, 0x17 Aplication, 0x18=HB
+ # byte 0: content type: 0x14=CCS, 0x15=TLS alert x16=Handshake, 0x17 Application, 0x18=HB
# byte 1+2: TLS version word, major is 03, minor 00=SSL3, 01=TLS1 02=TLS1.1 03=TLS 1.2
# byte 3+4: fragment length
# bytes 5...: message fragment
@@ -11363,7 +11363,7 @@ socksend_tls_clienthello() {
fi
len2twobytes "$len_extension_hex"
all_extensions="
- ,$LEN_STR # first the len of all extentions.
+ ,$LEN_STR # first the len of all extensions.
,$all_extensions"
fi
@@ -11398,7 +11398,7 @@ socksend_tls_clienthello() {
len_all_word="$LEN_STR"
#[[ $DEBUG -ge 3 ]] && echo $len_all_word
- # if we have SSLv3, the first occurence of TLS protocol -- record layer -- is SSLv3, otherwise TLS 1.0,
+ # if we have SSLv3, the first occurrence of TLS protocol -- record layer -- is SSLv3, otherwise TLS 1.0,
# except in the case of a second ClientHello in TLS 1.3, in which case it is TLS 1.2.
[[ $tls_low_byte == "00" ]] && tls_word_reclayer="03, 00"
"$is_second_clienthello" && tls_word_reclayer="03, 03"
@@ -11500,7 +11500,7 @@ resend_if_hello_retry_request() {
return 0
fi
- # This appears to be a HelloRetryRequest messsage.
+ # This appears to be a HelloRetryRequest message.
debugme echo "reading hello retry request... "
if [[ "$DEBUG" -ge 4 ]]; then
hexdump -C $SOCK_REPLY_FILE | head -6
@@ -11514,7 +11514,7 @@ resend_if_hello_retry_request() {
debugme echo "malformed HelloRetryRequest"
return 1
fi
- # The HelloRetryRequest messsage may be followed by something
+ # The HelloRetryRequest message may be followed by something
# else (e.g., a change cipher spec message). Ignore anything
# that follows.
tls_hello_ascii_len=$msg_len+10
@@ -11898,7 +11898,7 @@ run_heartbleed(){
tls_hexcode="x03, x03"
elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then
tls_hexcode="x03, x00"
- else # no protcol for some reason defined, determine TLS versions offered with a new handshake
+ else # no protocol for some reason defined, determine TLS versions offered with a new handshake
$OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE 1x
+ # here we test the replies if a TLS server hello was received >1x
for i in 1 2 3 ; do
if [[ "${sid_detected[i]}" =~ $sid_input ]]; then
# was our faked TLS SID returned?
@@ -13983,7 +13983,7 @@ run_grease() {
local ciph list temp curve_found
local -i i j rnd alpn_list_len extn_len debug_level=""
local -i ret=0
- # Note: The folowing values were taken from https://datatracker.ietf.org/doc/draft-ietf-tls-grease.
+ # Note: The following values were taken from https://datatracker.ietf.org/doc/draft-ietf-tls-grease.
# These arrays may need to be updated if the values change in the final version of this document.
local -a -r grease_cipher_suites=( "0a,0a" "1a,1a" "2a,2a" "3a,3a" "4a,4a" "5a,5a" "6a,6a" "7a,7a" "8a,8a" "9a,9a" "aa,aa" "ba,ba" "ca,ca" "da,da" "ea,ea" "fa,fa" )
local -a -r grease_supported_groups=( "0a,0a" "1a,1a" "2a,2a" "3a,3a" "4a,4a" "5a,5a" "6a,6a" "7a,7a" "8a,8a" "9a,9a" "aa,aa" "ba,ba" "ca,ca" "da,da" "ea,ea" "fa,fa" )
@@ -14123,7 +14123,7 @@ run_grease() {
# Check for inability to handle empty last extension (see PR #792 and
# https://www.ietf.org/mail-archive/web/tls/current/msg19720.html).
# (Since this test also uses an unrecognized extension, only run this
- # test if the previous test passed, and use the final exension value
+ # test if the previous test passed, and use the final extension value
# from that test to ensure that the only difference is the location
# of the extension.)
@@ -14688,14 +14688,14 @@ find_openssl_binary() {
prln_warning "\ncannot find specified (\$OPENSSL=$OPENSSL) binary."
tmln_out " Looking some place else ..."
elif [[ -x "$OPENSSL" ]]; then
- : # 1. all ok supplied $OPENSSL was found and has excutable bit set -- testrun comes below
+ : # 1. all ok supplied $OPENSSL was found and has executable bit set -- testrun comes below
elif [[ -e "/mnt/c/Windows/System32/bash.exe" ]] && test_openssl_suffix "$(dirname "$(type -p openssl)")"; then
# 2. otherwise, only if on Bash on Windows, use system binaries only.
SYSTEM2="WSL"
elif test_openssl_suffix "$TESTSSL_INSTALL_DIR"; then
: # 3. otherwise try openssl in path of testssl.sh
elif test_openssl_suffix "$TESTSSL_INSTALL_DIR/bin"; then
- : # 4. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
+ : # 4. otherwise here, this is supposed to be the standard --platform independent path in the future!!!
elif test_openssl_suffix "$(dirname "$(type -p openssl)")"; then
: # 5. we tried hard and failed, so now we use the system binaries
fi
@@ -14970,7 +14970,7 @@ file output options (can also be preset via environment variables)
--csv additional output of findings to CSV file '\${NODE}-p\${port}\${YYYYMMDD-HHMM}.csv' in cwd or directory
--csvfile|-oC additional output as CSV to the specified file or directory, similar to --logfile
--html additional output as HTML to file '\${NODE}-p\${port}\${YYYYMMDD-HHMM}.html'
- --htmlfile|-oH additional output as HTML to the specifed file or directory, similar to --logfile
+ --htmlfile|-oH additional output as HTML to the specified file or directory, similar to --logfile
--out(f,F)ile|-oa/-oA log to a LOG,JSON,CSV,HTML file (see nmap). -oA/-oa: pretty/flat JSON. "auto" uses '\${NODE}-p\${port}\${YYYYMMDD-HHMM}'
--hints additional hints to findings
--severity severities with lower level will be filtered for CSV+JSON, possible values
@@ -15457,7 +15457,7 @@ get_a_record() {
elif type -p dig &>/dev/null; then
ip4=$(filter_ip4_address $(dig @224.0.0.251 -p 5353 +short -t a +notcp "$1" 2>/dev/null | sed '/^;;/d'))
else
- fatal "Local hostname given but no 'avahi-resolve' or 'dig' avaliable." -3
+ fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." -3
fi
fi
if [[ -z "$ip4" ]]; then
@@ -15498,7 +15498,7 @@ get_aaaa_record() {
elif type -p dig &>/dev/null; then
ip6=$(filter_ip6_address $(dig @ff02::fb -p 5353 -t aaaa +short +notcp "$NODE"))
else
- fatal "Local hostname given but no 'avahi-resolve' or 'dig' avaliable." -3
+ fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." -3
fi
elif type -p host &> /dev/null ; then
ip6=$(filter_ip6_address $(host -t aaaa "$1" | awk '/address/ { print $NF }'))
@@ -15527,7 +15527,7 @@ get_caa_rr_record() {
"$NODNS" && return 0 # if no DNS lookup was instructed, leave here
# if there's a type257 record there are two output formats here, mostly depending on age of distribution
- # rougly that's the difference between text and binary format
+ # roughly that's the difference between text and binary format
# 1) 'google.com has CAA record 0 issue "symantec.com"'
# 2) 'google.com has TYPE257 record \# 19 0005697373756573796D616E7465632E636F6D'
# for dig +short the output always starts with '0 issue [..]' or '\# 19 [..]' so we normalize thereto to keep caa_flag, caa_property
@@ -15765,7 +15765,7 @@ sclient_auth() {
fi
fi
fi
- # what's left now is: master key empty, handshake returned not successful, session ID empty --> not sucessful
+ # what's left now is: master key empty, handshake returned not successful, session ID empty --> not successful
return 1
}
@@ -17073,7 +17073,7 @@ nodeip_to_proper_ip6() {
${UNBRACKTD_IPV6} || NODEIP="[$NODEIP]"
len_nodeip=${#NODEIP}
CORRECT_SPACES="$(printf -- " "'%.s' $(eval "echo {1.."$((len_nodeip - 17))"}"))"
- # IPv6 addresses are longer, this varaible takes care that "further IP" and "Service" is properly aligned
+ # IPv6 addresses are longer, this variable takes care that "further IP" and "Service" is properly aligned
fi
}
@@ -17104,7 +17104,7 @@ lets_roll() {
local section_number=1
if [[ "$1" == init ]]; then
- # called once upfront to be able to measure preperation time b4 everything starts
+ # called once upfront to be able to measure preparation time b4 everything starts
START_TIME=$(date +%s)
LAST_TIME=$START_TIME
[[ -n "$MEASURE_TIME_FILE" ]] && >"$MEASURE_TIME_FILE"
@@ -17115,11 +17115,11 @@ lets_roll() {
[[ -z "$NODEIP" ]] && fatal "$NODE doesn't resolve to an IP address" 2
nodeip_to_proper_ip6
reset_hostdepended_vars
- determine_rdns # Returns always zero or has already exited if fatal error occured
+ determine_rdns # Returns always zero or has already exited if fatal error occurred
stopwatch determine_rdns
((SERVER_COUNTER++))
- determine_service "$1" # STARTTLS service? Other will be determined here too. Returns always 0 or has already exited if fatal error occured
+ determine_service "$1" # STARTTLS service? Other will be determined here too. Returns always 0 or has already exited if fatal error occurred
# "secret" devel options --devel:
$do_tls_sockets && [[ $TLS_LOW_BYTE -eq 22 ]] && { sslv2_sockets "" "true"; echo "$?" ; exit 0; }
@@ -17259,11 +17259,11 @@ lets_roll() {
fi
html_banner
- #TODO: there shouldn't be the need for a special case for --mx, only the ip adresses we would need upfront and the do-parser
+ #TODO: there shouldn't be the need for a special case for --mx, only the ip addresses we would need upfront and the do-parser
if "$do_mx_all_ips"; then
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
[[ $? -eq 1 ]] && set_scanning_defaults
- run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have similar code
+ run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff necessary as ~15 lines later we have similar code
exit $?
fi
diff --git a/utils/ccs-injection.bash b/utils/ccs-injection.bash
index 4d7b53f..7302309 100755
--- a/utils/ccs-injection.bash
+++ b/utils/ccs-injection.bash
@@ -210,7 +210,7 @@ fixme(){
ok_ids() {
echo
- tput bold; tput setaf 2; echo "ok -- something resetted our ccs packets"; tput sgr0
+ tput bold; tput setaf 2; echo "ok -- something reset our ccs packets"; tput sgr0
echo
exit 0
}
diff --git a/utils/checkcert.sh b/utils/checkcert.sh
index 6f66aaf..43d6976 100755
--- a/utils/checkcert.sh
+++ b/utils/checkcert.sh
@@ -85,7 +85,7 @@ display_dns() {
$ECHO
[ -n "$rDNS" ] && $ECHO "rDNS: $rDNS"
if [ `echo "$ip4" | wc -l` -gt 1 ]; then
- $ECHO "$1 other IPv4 adresses:\c"
+ $ECHO "$1 other IPv4 addresses:\c"
for i in $ip4; do
[ "$i" == "$NODEIP" ] && continue
$ECHO " $i\c"
diff --git a/utils/curves.bash b/utils/curves.bash
index 4168c02..a5c1de9 100755
--- a/utils/curves.bash
+++ b/utils/curves.bash
@@ -29,13 +29,13 @@ find_openssl_binary() {
pr_warningln "\ncannot find specified (\$OPENSSL=$OPENSSL) binary."
outln " Looking some place else ..."
elif [[ -x "$OPENSSL" ]]; then
- : # 1. all ok supplied $OPENSSL was found and has excutable bit set -- testrun comes below
+ : # 1. all ok supplied $OPENSSL was found and has executable bit set -- testrun comes below
elif test_openssl_suffix $RUN_DIR; then
: # 2. otherwise try openssl in path of testssl.sh
elif test_openssl_suffix ../$RUN_DIR; then
: # 2. otherwise try openssl in path of testssl.sh
elif test_openssl_suffix ../$RUN_DIR/bin; then
- : # 3. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
+ : # 3. otherwise here, this is supposed to be the standard --platform independent path in the future!!!
elif test_openssl_suffix "$(dirname "$(which openssl)")"; then
: # 5. we tried hard and failed, so now we use the system binaries
fi
diff --git a/utils/prototype.tls-protocol-checker.bash b/utils/prototype.tls-protocol-checker.bash
index 9f9b395..0e9f4cc 100755
--- a/utils/prototype.tls-protocol-checker.bash
+++ b/utils/prototype.tls-protocol-checker.bash
@@ -67,7 +67,7 @@ c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f, 00, 0c,
00, 08, 00, 06, 00, 03, 00, ff"
#formatted example for SNI
-#00 00 # extention server_name
+#00 00 # extension server_name
#00 1a # length = the following +2 = server_name length + 5
#00 18 # server_name list_length = server_name length +3
#00 # server_name type (hostname)
@@ -133,7 +133,7 @@ socksend_clienthello() {
hex_len_sn_hex=`printf "%02x\n" $LEN_SN_HEX`
hex_len_sn_hex3=`printf "%02x\n" $((LEN_SN_HEX+3))`
hex_len_sn_hex5=`printf "%02x\n" $((LEN_SN_HEX+5))`
- hex_len_extention=`printf "%02x\n" $((LEN_SN_HEX+9))`
+ hex_len_extension=`printf "%02x\n" $((LEN_SN_HEX+9))`
len_ciph_suites_byte=`echo ${#cipher_suites}`
let "len_ciph_suites_byte += 2"
@@ -144,12 +144,12 @@ socksend_clienthello() {
len_ciph_suites_word="$LEN_STR"
[[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word
- len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extention + 0x2))`
+ len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extension + 0x2))`
#len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27))`
len_c_hello_word="$LEN_STR"
[[ $DEBUG -ge 4 ]] && echo $len_c_hello_word
- len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extention + 0x2))`
+ len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extension + 0x2))`
#len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b))`
len_all_word="$LEN_STR"
[[ $DEBUG -ge 4 ]] && echo $len_all_word
@@ -175,8 +175,8 @@ socksend_clienthello() {
,00" # Compression method (x00 for NULL)
EXTENSION_CONTAINING_SNI="
- ,00, $hex_len_extention # first the len of all (here: 1) extentions. We assume len(hostname) < FF - 9
- ,00, 00 # extention server_name
+ ,00, $hex_len_extension # first the len of all (here: 1) extensions. We assume len(hostname) < FF - 9
+ ,00, 00 # extension server_name
,00, $hex_len_sn_hex5 # length SNI EXT
,00, $hex_len_sn_hex3 # server_name list_length
,00 # server_name type (hostname)
diff --git a/utils/ticketbleed.bash b/utils/ticketbleed.bash
index b223e1e..0feaa89 100755
--- a/utils/ticketbleed.bash
+++ b/utils/ticketbleed.bash
@@ -123,7 +123,7 @@ send_clienthello() {
# length of SessionTicket TLS
x00, $xlen_tckt_tls,
# Session Ticket
- $session_tckt_tls # here we have the comma aleady
+ $session_tckt_tls # here we have the comma already
# Extension: Heartbeat
x00, x0f, x00, x01, x01"
@@ -328,7 +328,7 @@ done
echo
if ! "$early_exit"; then
- # here we test the replys if a TLS server hello was received >1x
+ # here we test the replies if a TLS server hello was received >1x
for i in 1 2 3 ; do
if grep -q $sid_input <<< "${sid_detected[i]}"; then
# was our faked TLS SID returned?