From eead9f62d96807b56320ffc4e2aa18c0d6215447 Mon Sep 17 00:00:00 2001 From: Karsten Weiss Date: Tue, 10 Apr 2018 13:46:43 +0200 Subject: [PATCH] Fix typos found by codespell --- doc/testssl.1 | 2 +- doc/testssl.1.html | 2 +- doc/testssl.1.md | 2 +- testssl.sh | 82 +++++++++++------------ utils/ccs-injection.bash | 2 +- utils/checkcert.sh | 2 +- utils/curves.bash | 4 +- utils/prototype.tls-protocol-checker.bash | 12 ++-- utils/ticketbleed.bash | 4 +- 9 files changed, 56 insertions(+), 56 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 1095a42..c99f966 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -192,7 +192,7 @@ Any single check switch supplied as an argument prevents testssl\.sh from doing .IP "" 0 . .P -\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (18\-23) and TLS 1\.3 final are suuported\. +\fB\-p, \-\-protocols\fR checks TLS/SSL protocols SSLv2, SSLv3, TLS 1\.0 \- TLS 1\.3 and for HTTP: SPDY (NPN) and ALPN, a\.k\.a\. HTTP/2\. For TLS 1\.3 several drafts (18\-23) and TLS 1\.3 final are supported\. . .P \fB\-P, \-\-preference\fR displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher\. If there\'s a cipher order enforced by the server it displays it for each protocol (openssl+sockets)\. If there\'s not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only) diff --git a/doc/testssl.1.html b/doc/testssl.1.html index 254bcdd..7396cfe 100644 --- a/doc/testssl.1.html +++ b/doc/testssl.1.html @@ -223,7 +223,7 @@ host.example.com:631 -

-p, --protocols checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are suuported.

+

-p, --protocols checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are supported.

-P, --preference displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)

diff --git a/doc/testssl.1.md b/doc/testssl.1.md
index b1b64ca..ef8e3a1 100644
--- a/doc/testssl.1.md
+++ b/doc/testssl.1.md
@@ -145,7 +145,7 @@ Any single check switch supplied as an argument prevents testssl.sh from doing a
 * `Strong grade Ciphers` (AEAD): 'AESGCM:CHACHA20:AESGCM:CamelliaGCM:AESCCM8:AESCCM'
-`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are suuported.
+`-p, --protocols` checks TLS/SSL protocols SSLv2, SSLv3, TLS 1.0 - TLS 1.3 and for HTTP: SPDY (NPN) and ALPN, a.k.a. HTTP/2. For TLS 1.3 several drafts (18-23) and TLS 1.3 final are supported.
 `-P, --preference` displays the servers preferences: cipher order, with used openssl client: negotiated protocol and cipher. If there's a cipher order enforced by the server it displays it for each protocol (openssl+sockets). If there's not, it displays instead which ciphers from the server were picked with each protocol (by using openssl only)
diff --git a/testssl.sh b/testssl.sh
index 2f80243..2a20aa1 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -116,7 +116,7 @@ egrep -q "dev|rc" <<< "$VERSION" && \
 readonly PROG_NAME="$(basename "$0")"
 readonly RUN_DIR="$(dirname "$0")"
-TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it neccessary file automagically set TESTSSL_INSTALL_DIR
+TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it doesn't find it necessary file automagically set TESTSSL_INSTALL_DIR
 CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your stores some place else
 ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES:-""}" # single file with a CA in PEM format or comma separated lists of them
 CIPHERS_BY_STRENGTH_FILE=""
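Review bot: The corrected comment on the `TESTSSL_INSTALL_DIR` line still reads "doesn't find it necessary file", so the sentence remains ungrammatical after the spelling fix. A later hunk of this patch shows `find_openssl_binary` passing `"$TESTSSL_INSTALL_DIR"` and `"$TESTSSL_INSTALL_DIR/bin"` to `test_openssl_suffix`, which appears to look for an openssl binary there, so the comment could also say that the directory should be one the user trusts. Suggested wording: `# If testssl.sh doesn't find its necessary files automagically, set TESTSSL_INSTALL_DIR to a trusted install directory`.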
@@ -253,7 +253,7 @@ JSONHEADER=true # include JSON headers and footers in HT CSVHEADER=true # same for CSV HTMLHEADER=true # same for HTML SECTION_FOOTER_NEEDED=false # kludge for tracking whether we need to close the JSON section object -GIVE_HINTS=false # give an addtional info to findings +GIVE_HINTS=false # give an additional info to findings SERVER_SIZE_LIMIT_BUG=false # Some servers have either a ClientHello total size limit or a 128 cipher limit (e.g. old ASAs) CHILD_MASS_TESTING=${CHILD_MASS_TESTING:-false} HAD_SLEPT=0 @@ -588,7 +588,7 @@ pr_boldurl() { tm_bold "$1"; html_out "/dev/null ret1=$? if "$byID" && [[ $OSSL_VER_MINOR == "1.1" ]] && [[ $OSSL_VER_MAJOR == "1" ]] && [[ ! -s "$sess_data" ]]; then - # it seems OpenSSL indicates no Session ID resumption by just not generating ouput + # it seems OpenSSL indicates no Session ID resumption by just not generating output debugme echo -n "No session resumption byID (empty file)" ret=2 else @@ -6157,7 +6157,7 @@ tls_time() { return 0 } -# core function determining whether handshake succeded or not +# core function determining whether handshake succeeded or not # arg1: return value of "openssl s_client connect" # arg2: temporary file with the server hello # returns 0 if connect was successful, 1 if not @@ -6429,7 +6429,7 @@ get_server_certificate() { get_cn_from_cert() { local subject - # attention! openssl 1.0.2 doesn't properly handle online output from certifcates from trustwave.com/github.com + # attention! openssl 1.0.2 doesn't properly handle online output from certificates from trustwave.com/github.com #FIXME: use -nameopt oid for robustness # for e.g. russian sites -esc_msb,utf8 works in an UTF8 terminal -- any way to check platform indepedent? 
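Review bot: The last context line of the `get_cn_from_cert` hunk still says "platform indepedent", a misspelling that sits a few lines below the corrected `certifcates` and was not picked up in this pass. It could be fixed in the same commit: `# for e.g. russian sites -esc_msb,utf8 works in an UTF8 terminal -- any way to check platform independent?`. The function body continues outside the hunk.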
@@ -8219,7 +8219,7 @@ alpn_pre(){
 return 0
 }
-# modern browsers do not support it anymore but we shoud still test it at least for fingerprinting the server side
+# modern browsers do not support it anymore but we should still test it at least for fingerprinting the server side
 # Thus we don't label any support for NPN as good.
 # FAST mode skips this test
 run_npn() {
@@ -8879,7 +8879,7 @@ get_dh_ephemeralkey() {
 fi
 dh_param="30${len1}${dh_p}${dh_g}"
- # Make a SEQUENCE of the paramters SEQUENCE and the OID
+ # Make a SEQUENCE of the parameters SEQUENCE and the OID
 dh_param_len=22+${#dh_param}
 if [[ $dh_param_len -lt 256 ]]; then
 len1="$(printf "%02x" $((dh_param_len/2)))"
@@ -9879,7 +9879,7 @@ parse_tls_serverhello() {
 # Client messages, including handshake messages, are carried by the record layer.
 # First, extract the handshake and alert messages.
 # see http://en.wikipedia.org/wiki/Transport_Layer_Security-SSL#TLS_record
- # byte 0: content type: 0x14=CCS, 0x15=TLS alert x16=Handshake, 0x17 Aplication, 0x18=HB
+ # byte 0: content type: 0x14=CCS, 0x15=TLS alert x16=Handshake, 0x17 Application, 0x18=HB
 # byte 1+2: TLS version word, major is 03, minor 00=SSL3, 01=TLS1 02=TLS1.1 03=TLS 1.2
 # byte 3+4: fragment length
 # bytes 5...: message fragment
@@ -11363,7 +11363,7 @@ socksend_tls_clienthello() {
 fi
 len2twobytes "$len_extension_hex"
 all_extensions="
- ,$LEN_STR # first the len of all extentions.
+ ,$LEN_STR # first the len of all extensions.
 ,$all_extensions"
 fi
@@ -11398,7 +11398,7 @@ socksend_tls_clienthello() { len_all_word="$LEN_STR" #[[ $DEBUG -ge 3 ]] && echo $len_all_word - # if we have SSLv3, the first occurence of TLS protocol -- record layer -- is SSLv3, otherwise TLS 1.0, + # if we have SSLv3, the first occurrence of TLS protocol -- record layer -- is SSLv3, otherwise TLS 1.0, # except in the case of a second ClientHello in TLS 1.3, in which case it is TLS 1.2. [[ $tls_low_byte == "00" ]] && tls_word_reclayer="03, 00" "$is_second_clienthello" && tls_word_reclayer="03, 03" @@ -11500,7 +11500,7 @@ resend_if_hello_retry_request() { return 0 fi - # This appears to be a HelloRetryRequest messsage. + # This appears to be a HelloRetryRequest message. debugme echo "reading hello retry request... " if [[ "$DEBUG" -ge 4 ]]; then hexdump -C $SOCK_REPLY_FILE | head -6 @@ -11514,7 +11514,7 @@ resend_if_hello_retry_request() { debugme echo "malformed HelloRetryRequest" return 1 fi - # The HelloRetryRequest messsage may be followed by something + # The HelloRetryRequest message may be followed by something # else (e.g., a change cipher spec message). Ignore anything # that follows. tls_hello_ascii_len=$msg_len+10 @@ -11898,7 +11898,7 @@ run_heartbleed(){ tls_hexcode="x03, x03" elif [[ 0 -eq $(has_server_protocol ssl3) ]]; then tls_hexcode="x03, x00" - else # no protcol for some reason defined, determine TLS versions offered with a new handshake + else # no protocol for some reason defined, determine TLS versions offered with a new handshake $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE $TMPFILE 2>$ERRFILE 1x + # here we test the replies if a TLS server hello was received >1x for i in 1 2 3 ; do if [[ "${sid_detected[i]}" =~ $sid_input ]]; then # was our faked TLS SID returned? 
@@ -13981,7 +13981,7 @@ run_grease() {
 local ciph list temp curve_found
 local -i i j rnd alpn_list_len extn_len debug_level=""
 local -i ret=0
- # Note: The folowing values were taken from https://datatracker.ietf.org/doc/draft-ietf-tls-grease.
+ # Note: The following values were taken from https://datatracker.ietf.org/doc/draft-ietf-tls-grease.
 # These arrays may need to be updated if the values change in the final version of this document.
 local -a -r grease_cipher_suites=( "0a,0a" "1a,1a" "2a,2a" "3a,3a" "4a,4a" "5a,5a" "6a,6a" "7a,7a" "8a,8a" "9a,9a" "aa,aa" "ba,ba" "ca,ca" "da,da" "ea,ea" "fa,fa" )
 local -a -r grease_supported_groups=( "0a,0a" "1a,1a" "2a,2a" "3a,3a" "4a,4a" "5a,5a" "6a,6a" "7a,7a" "8a,8a" "9a,9a" "aa,aa" "ba,ba" "ca,ca" "da,da" "ea,ea" "fa,fa" )
@@ -14121,7 +14121,7 @@ run_grease() {
 # Check for inability to handle empty last extension (see PR #792 and
 # https://www.ietf.org/mail-archive/web/tls/current/msg19720.html).
 # (Since this test also uses an unrecognized extension, only run this
- # test if the previous test passed, and use the final exension value
+ # test if the previous test passed, and use the final extension value
 # from that test to ensure that the only difference is the location
 # of the extension.)
@@ -14686,14 +14686,14 @@ find_openssl_binary() {
 prln_warning "\ncannot find specified (\$OPENSSL=$OPENSSL) binary."
 tmln_out " Looking some place else ..."
 elif [[ -x "$OPENSSL" ]]; then
- : # 1. all ok supplied $OPENSSL was found and has excutable bit set -- testrun comes below
+ : # 1. all ok supplied $OPENSSL was found and has executable bit set -- testrun comes below
 elif [[ -e "/mnt/c/Windows/System32/bash.exe" ]] && test_openssl_suffix "$(dirname "$(type -p openssl)")"; then
 # 2. otherwise, only if on Bash on Windows, use system binaries only.
 SYSTEM2="WSL"
 elif test_openssl_suffix "$TESTSSL_INSTALL_DIR"; then
 : # 3. otherwise try openssl in path of testssl.sh
 elif test_openssl_suffix "$TESTSSL_INSTALL_DIR/bin"; then
- : # 4. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
+ : # 4. otherwise here, this is supposed to be the standard --platform independent path in the future!!!
 elif test_openssl_suffix "$(dirname "$(type -p openssl)")"; then
 : # 5. we tried hard and failed, so now we use the system binaries
 fi
@@ -14968,7 +14968,7 @@ file output options (can also be preset via environment variables)
 --csv additional output of findings to CSV file '\${NODE}-p\${port}\${YYYYMMDD-HHMM}.csv' in cwd or directory
 --csvfile|-oC additional output as CSV to the specified file or directory, similar to --logfile
 --html additional output as HTML to file '\${NODE}-p\${port}\${YYYYMMDD-HHMM}.html'
- --htmlfile|-oH additional output as HTML to the specifed file or directory, similar to --logfile
+ --htmlfile|-oH additional output as HTML to the specified file or directory, similar to --logfile
 --out(f,F)ile|-oa/-oA log to a LOG,JSON,CSV,HTML file (see nmap). -oA/-oa: pretty/flat JSON. "auto" uses '\${NODE}-p\${port}\${YYYYMMDD-HHMM}'
 --hints additional hints to findings
 --severity severities with lower level will be filtered for CSV+JSON, possible values
@@ -15455,7 +15455,7 @@ get_a_record() {
 elif type -p dig &>/dev/null; then
 ip4=$(filter_ip4_address $(dig @224.0.0.251 -p 5353 +short -t a +notcp "$1" 2>/dev/null | sed '/^;;/d'))
 else
- fatal "Local hostname given but no 'avahi-resolve' or 'dig' avaliable." -3
+ fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." -3
 fi
 fi
 if [[ -z "$ip4" ]]; then
@@ -15496,7 +15496,7 @@ get_aaaa_record() {
 elif type -p dig &>/dev/null; then
 ip6=$(filter_ip6_address $(dig @ff02::fb -p 5353 -t aaaa +short +notcp "$NODE"))
 else
- fatal "Local hostname given but no 'avahi-resolve' or 'dig' avaliable." -3
+ fatal "Local hostname given but no 'avahi-resolve' or 'dig' available." -3
 fi
 elif type -p host &> /dev/null ; then
 ip6=$(filter_ip6_address $(host -t aaaa "$1" | awk '/address/ { print $NF }'))
@@ -15525,7 +15525,7 @@ get_caa_rr_record() {
 "$NODNS" && return 0 # if no DNS lookup was instructed, leave here
 # if there's a type257 record there are two output formats here, mostly depending on age of distribution
- # rougly that's the difference between text and binary format
+ # roughly that's the difference between text and binary format
 # 1) 'google.com has CAA record 0 issue "symantec.com"'
 # 2) 'google.com has TYPE257 record \# 19 0005697373756573796D616E7465632E636F6D'
 # for dig +short the output always starts with '0 issue [..]' or '\# 19 [..]' so we normalize thereto to keep caa_flag, caa_property
@@ -15763,7 +15763,7 @@ sclient_auth() {
 fi
 fi
 fi
- # what's left now is: master key empty, handshake returned not successful, session ID empty --> not sucessful
+ # what's left now is: master key empty, handshake returned not successful, session ID empty --> not successful
 return 1
 }
@@ -17071,7 +17071,7 @@ nodeip_to_proper_ip6() {
 ${UNBRACKTD_IPV6} || NODEIP="[$NODEIP]"
 len_nodeip=${#NODEIP}
 CORRECT_SPACES="$(printf -- " "'%.s' $(eval "echo {1.."$((len_nodeip - 17))"}"))"
- # IPv6 addresses are longer, this varaible takes care that "further IP" and "Service" is properly aligned
+ # IPv6 addresses are longer, this variable takes care that "further IP" and "Service" is properly aligned
 fi
 }
@@ -17102,7 +17102,7 @@ lets_roll() {
 local section_number=1
 if [[ "$1" == init ]]; then
- # called once upfront to be able to measure preperation time b4 everything starts
+ # called once upfront to be able to measure preparation time b4 everything starts
 START_TIME=$(date +%s)
 LAST_TIME=$START_TIME
 [[ -n "$MEASURE_TIME_FILE" ]] && >"$MEASURE_TIME_FILE"
@@ -17113,11 +17113,11 @@ lets_roll() {
 [[ -z "$NODEIP" ]] && fatal "$NODE doesn't resolve to an IP address" 2
 nodeip_to_proper_ip6
 reset_hostdepended_vars
- determine_rdns # Returns always zero or has already exited if fatal error occured
+ determine_rdns # Returns always zero or has already exited if fatal error occurred
 stopwatch determine_rdns
 ((SERVER_COUNTER++))
- determine_service "$1" # STARTTLS service? Other will be determined here too. Returns always 0 or has already exited if fatal error occured
+ determine_service "$1" # STARTTLS service? Other will be determined here too. Returns always 0 or has already exited if fatal error occurred
 # "secret" devel options --devel:
 $do_tls_sockets && [[ $TLS_LOW_BYTE -eq 22 ]] && { sslv2_sockets "" "true"; echo "$?" ; exit 0; }
@@ -17257,11 +17257,11 @@ lets_roll() {
 fi
 html_banner
- #TODO: there shouldn't be the need for a special case for --mx, only the ip adresses we would need upfront and the do-parser
+ #TODO: there shouldn't be the need for a special case for --mx, only the ip addresses we would need upfront and the do-parser
 if "$do_mx_all_ips"; then
 query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
 [[ $? -eq 1 ]] && set_scanning_defaults
- run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have similar code
+ run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff necessary as ~15 lines later we have similar code
 exit $?
 fi
diff --git a/utils/ccs-injection.bash b/utils/ccs-injection.bash
index 4d7b53f..7302309 100755
--- a/utils/ccs-injection.bash
+++ b/utils/ccs-injection.bash
@@ -210,7 +210,7 @@ fixme(){
 ok_ids() {
 echo
- tput bold; tput setaf 2; echo "ok -- something resetted our ccs packets"; tput sgr0
+ tput bold; tput setaf 2; echo "ok -- something reset our ccs packets"; tput sgr0
 echo
 exit 0
 }
diff --git a/utils/checkcert.sh b/utils/checkcert.sh
index 6f66aaf..43d6976 100755
--- a/utils/checkcert.sh
+++ b/utils/checkcert.sh
@@ -85,7 +85,7 @@ display_dns() {
 $ECHO
 [ -n "$rDNS" ] && $ECHO "rDNS: $rDNS"
 if [ `echo "$ip4" | wc -l` -gt 1 ]; then
- $ECHO "$1 other IPv4 adresses:\c"
+ $ECHO "$1 other IPv4 addresses:\c"
 for i in $ip4; do
 [ "$i" == "$NODEIP" ] && continue
 $ECHO " $i\c"
diff --git a/utils/curves.bash b/utils/curves.bash
index 4168c02..a5c1de9 100755
--- a/utils/curves.bash
+++ b/utils/curves.bash
@@ -29,13 +29,13 @@ find_openssl_binary() {
 pr_warningln "\ncannot find specified (\$OPENSSL=$OPENSSL) binary."
 outln " Looking some place else ..."
 elif [[ -x "$OPENSSL" ]]; then
- : # 1. all ok supplied $OPENSSL was found and has excutable bit set -- testrun comes below
+ : # 1. all ok supplied $OPENSSL was found and has executable bit set -- testrun comes below
 elif test_openssl_suffix $RUN_DIR; then
 : # 2. otherwise try openssl in path of testssl.sh
 elif test_openssl_suffix ../$RUN_DIR; then
 : # 2. otherwise try openssl in path of testssl.sh
 elif test_openssl_suffix ../$RUN_DIR/bin; then
- : # 3. otherwise here, this is supposed to be the standard --platform independed path in the future!!!
+ : # 3. otherwise here, this is supposed to be the standard --platform independent path in the future!!!
 elif test_openssl_suffix "$(dirname "$(which openssl)")"; then
 : # 5. we tried hard and failed, so now we use the system binaries
 fi
diff --git a/utils/prototype.tls-protocol-checker.bash b/utils/prototype.tls-protocol-checker.bash
index 9f9b395..0e9f4cc 100755
--- a/utils/prototype.tls-protocol-checker.bash
+++ b/utils/prototype.tls-protocol-checker.bash
@@ -67,7 +67,7 @@ c0, 0d, c0, 03, 00, 0a, 00, 63, 00, 15, 00, 12, 00, 0f, 00, 0c, 00, 08, 00, 06, 00, 03, 00, ff"
 #formatted example for SNI
-#00 00 # extention server_name
+#00 00 # extension server_name
 #00 1a # length = the following +2 = server_name length + 5
 #00 18 # server_name list_length = server_name length +3
 #00 # server_name type (hostname)
@@ -133,7 +133,7 @@ socksend_clienthello() {
 hex_len_sn_hex=`printf "%02x\n" $LEN_SN_HEX`
 hex_len_sn_hex3=`printf "%02x\n" $((LEN_SN_HEX+3))`
 hex_len_sn_hex5=`printf "%02x\n" $((LEN_SN_HEX+5))`
- hex_len_extention=`printf "%02x\n" $((LEN_SN_HEX+9))`
+ hex_len_extension=`printf "%02x\n" $((LEN_SN_HEX+9))`
 len_ciph_suites_byte=`echo ${#cipher_suites}`
 let "len_ciph_suites_byte += 2"
@@ -144,12 +144,12 @@ socksend_clienthello() {
 len_ciph_suites_word="$LEN_STR"
 [[ $DEBUG -ge 4 ]] && echo $len_ciph_suites_word
- len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extention + 0x2))`
+ len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27 + 0x$hex_len_extension + 0x2))`
 #len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x27))`
 len_c_hello_word="$LEN_STR"
 [[ $DEBUG -ge 4 ]] && echo $len_c_hello_word
- len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extention + 0x2))`
+ len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b + 0x$hex_len_extension + 0x2))`
 #len2twobytes `printf "%02x\n" $((0x$len_ciph_suites + 0x2b))`
 len_all_word="$LEN_STR"
 [[ $DEBUG -ge 4 ]] && echo $len_all_word
@@ -175,8 +175,8 @@ socksend_clienthello() {
 ,00" # Compression method (x00 for NULL)
 EXTENSION_CONTAINING_SNI="
- ,00, $hex_len_extention # first the len of all (here: 1) extentions. We assume len(hostname) < FF - 9
- ,00, 00 # extention server_name
+ ,00, $hex_len_extension # first the len of all (here: 1) extensions. We assume len(hostname) < FF - 9
+ ,00, 00 # extension server_name
 ,00, $hex_len_sn_hex5 # length SNI EXT
 ,00, $hex_len_sn_hex3 # server_name list_length
 ,00 # server_name type (hostname)
diff --git a/utils/ticketbleed.bash b/utils/ticketbleed.bash
index b223e1e..0feaa89 100755
--- a/utils/ticketbleed.bash
+++ b/utils/ticketbleed.bash
@@ -123,7 +123,7 @@ send_clienthello() {
 # length of SessionTicket TLS
 x00, $xlen_tckt_tls,
 # Session Ticket
- $session_tckt_tls # here we have the comma aleady
+ $session_tckt_tls # here we have the comma already
 # Extension: Heartbeat
 x00, x0f, x00, x01, x01"
@@ -328,7 +328,7 @@ done
 echo
 if ! "$early_exit"; then
- # here we test the replys if a TLS server hello was received >1x
+ # here we test the replies if a TLS server hello was received >1x
 for i in 1 2 3 ; do
 if grep -q $sid_input <<< "${sid_detected[i]}"; then
 # was our faked TLS SID returned?