From 0fcb2bcb44503c16b71b7848834f4db7e969251e Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Tue, 23 Aug 2016 12:29:31 -0400
Subject: [PATCH] Fix SSLv2-only test in determine_optimal_proto()

The test for whether a server only supports SSLv2 was broken, since `$OPTIMAL_PROTO` will be `-ssl2` whether SSLv2 is the only protocol that succeeds or no protocol succeeds. This PR sets $OPTIMAL_PROTO (or $STARTTLS_OPTIMAL_PROTO) to "" if no protocol succeeds.
---
 testssl.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/testssl.sh b/testssl.sh
index 1d91590..7f76b99 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -7828,6 +7828,7 @@ determine_optimal_proto() {
 fi
 all_failed=0
 done
+ [[ $all_failed -eq 0 ]] && STARTTLS_OPTIMAL_PROTO=""
 debugme echo "STARTTLS_OPTIMAL_PROTO: $STARTTLS_OPTIMAL_PROTO"
 else
 for OPTIMAL_PROTO in '' -tls1_2 -tls1 -ssl3 -tls1_1 -ssl2; do
@@ -7839,6 +7840,7 @@ determine_optimal_proto() {
 fi
 all_failed=0
 done
+ [[ $all_failed -eq 0 ]] && OPTIMAL_PROTO=""
 debugme echo "OPTIMAL_PROTO: $OPTIMAL_PROTO"
 if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
 pr_magentaln "$NODEIP:$PORT appears to only support SSLv2."
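Review bot: The added `[[ $all_failed -eq 0 ]] && STARTTLS_OPTIMAL_PROTO=""` reads as the opposite of what it does, because `all_failed=0` is the value left at the bottom of an iteration that did not succeed, so `0` here means that every candidate failed. A one-line comment above the new line would guard against a later "fix" that inverts it, for example `# all_failed is 0 only if the loop ran out of protocols without a successful handshake`. The same applies to the matching added line in the second hunk. The loop header and the success branch are outside this hunk, so the value assigned on success is inferred from the commit description rather than seen.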
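Review bot: After the added `[[ $all_failed -eq 0 ]] && OPTIMAL_PROTO=""`, an empty `$OPTIMAL_PROTO` has two meanings. The candidate list begins with `''` (the `for OPTIMAL_PROTO in '' -tls1_2 …` line at the end of the previous hunk), so "the default handshake succeeded" and "no handshake succeeded" now leave the same value. Any later check that looks only at `$OPTIMAL_PROTO` would then run against a server that never completed a handshake and could report misleading findings. Consider documenting that `$all_failed` is the authoritative signal, e.g. `# "" is also the first candidate; test $all_failed, not $OPTIMAL_PROTO, to detect total failure`. The rest of determine_optimal_proto() lies outside the hunk, so it cannot be confirmed from here whether it already checks `$all_failed`.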