From 8a5d534b8a54ef8bc50f77b101d8bc77ae5ab3d0 Mon Sep 17 00:00:00 2001 From: NaN <169948333+NaN-KL@users.noreply.github.com> Date: Fri, 23 Aug 2024 14:19:09 -0700 Subject: [PATCH] Update testssl.sh Fix to be consistent in reporting (Not Ok) for ClientHello/ServerHello errors. --- testssl.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index 1aea29f..3c9c2ad 100755 --- a/testssl.sh +++ b/testssl.sh @@ -5639,7 +5639,7 @@ run_protocols() { fileout "$jsonID" "MEDIUM" "not offered, and downgraded to SSL" elif [[ "$DETECTED_TLS_VERSION" == 03* ]]; then detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))" - prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" + prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)" fileout "$jsonID" "CRITICAL" "server responded with higher version number ($detected_version_string) than requested by client" else if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then @@ -5851,7 +5851,7 @@ run_protocols() { prln_svrty_critical " -- server supports $latest_supported_string, but downgraded to $detected_version_string" fileout "$jsonID" "CRITICAL" "not offered, and downgraded to $detected_version_string rather than $latest_supported_string" elif [[ "$tls12_detected_version" == 03* ]] && [[ 0x$tls12_detected_version -gt 0x0303 ]]; then - prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" + prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)" fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client" else if [[ ${#tls12_detected_version} -eq 4 ]]; then @@ -5999,7 +5999,7 @@ run_protocols() { fileout "$jsonID" "CRITICAL" "not offered, and downgraded to $detected_version_string rather than $latest_supported_string" elif [[ "$DETECTED_TLS_VERSION" == 03* ]] && [[ 0x$DETECTED_TLS_VERSION -gt 0x0304 ]]; then out "not offered" - prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" + prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)" fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client" else out "not offered"