Merge pull request #2544 from NaN-KL/patch-1

Fix: Reporting (Not Ok) for ClientHello/ServerHello errors
Dirk Wetter 2024-08-26 18:14:23 +02:00 committed by GitHub
commit b132a26432
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5639,7 +5639,7 @@ run_protocols() {
fileout "$jsonID" "MEDIUM" "not offered, and downgraded to SSL" fileout "$jsonID" "MEDIUM" "not offered, and downgraded to SSL"
elif [[ "$DETECTED_TLS_VERSION" == 03* ]]; then elif [[ "$DETECTED_TLS_VERSION" == 03* ]]; then
detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))" detected_version_string="TLSv1.$((0x$DETECTED_TLS_VERSION-0x0301))"
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
fileout "$jsonID" "CRITICAL" "server responded with higher version number ($detected_version_string) than requested by client" fileout "$jsonID" "CRITICAL" "server responded with higher version number ($detected_version_string) than requested by client"
else else
if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then if [[ ${#DETECTED_TLS_VERSION} -eq 4 ]]; then
@ -5851,7 +5851,7 @@ run_protocols() {
prln_svrty_critical " -- server supports $latest_supported_string, but downgraded to $detected_version_string" prln_svrty_critical " -- server supports $latest_supported_string, but downgraded to $detected_version_string"
fileout "$jsonID" "CRITICAL" "not offered, and downgraded to $detected_version_string rather than $latest_supported_string" fileout "$jsonID" "CRITICAL" "not offered, and downgraded to $detected_version_string rather than $latest_supported_string"
elif [[ "$tls12_detected_version" == 03* ]] && [[ 0x$tls12_detected_version -gt 0x0303 ]]; then elif [[ "$tls12_detected_version" == 03* ]] && [[ 0x$tls12_detected_version -gt 0x0303 ]]; then
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client" fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client"
else else
if [[ ${#tls12_detected_version} -eq 4 ]]; then if [[ ${#tls12_detected_version} -eq 4 ]]; then
@ -5999,7 +5999,7 @@ run_protocols() {
fileout "$jsonID" "CRITICAL" "not offered, and downgraded to $detected_version_string rather than $latest_supported_string" fileout "$jsonID" "CRITICAL" "not offered, and downgraded to $detected_version_string rather than $latest_supported_string"
elif [[ "$DETECTED_TLS_VERSION" == 03* ]] && [[ 0x$DETECTED_TLS_VERSION -gt 0x0304 ]]; then elif [[ "$DETECTED_TLS_VERSION" == 03* ]] && [[ 0x$DETECTED_TLS_VERSION -gt 0x0304 ]]; then
out "not offered" out "not offered"
prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client" prln_svrty_critical " -- server responded with higher version number ($detected_version_string) than requested by client (NOT ok)"
fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client" fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client"
else else
out "not offered" out "not offered"
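Review bot: The "(NOT ok)" marker is added only to the three `prln_svrty_critical` terminal lines, while the `fileout` records for the same condition stay as they were and are not worded alike. The first one (the `"$DETECTED_TLS_VERSION" == 03*` branch in the hunk at 5639) lacks the `not offered, ` prefix that the branches at 5851 and 5999 carry. Tooling that matches on the finding text in the file output will therefore see two different strings for "server responded with higher version number". If "not offered" is the intended verdict in the first branch as well, I would change its record to `fileout "$jsonID" "CRITICAL" "not offered, server responded with higher version number ($detected_version_string) than requested by client"`. Only the branch at 5999 visibly calls `out "not offered"` before the critical line, so the terminal output may differ between the three cases too. run_protocols() starts and ends outside these hunks, so an earlier `out` call cannot be ruled out.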