Fix run_logjam() in --ssl-native mode

This commit fixes a problem with run_logjam() when run in --ssl-native mode. If $OPENSSL does not support any DH export ciphers, then no test for such cipher is performed. However, the results of "test" is still checked, leading to testssl.sh incorrectly reporting that the server supports DH EXPORT ciphers.
2025-01-03 23:39:45 +01:00 · 2020-04-23 14:52:14 -04:00 · 2020-04-23 14:52:14 -04:00 · bb1c649513
commit bb1c649513
parent a45e9f52d5
1 changed files with 2 additions and 4 deletions
--- a/testssl.sh
+++ b/testssl.sh
@ -16413,15 +16413,13 @@ run_logjam() {
          tls_sockets "03" "$exportdh_cipher_list_hex, 00,ff"
          sclient_success=$?
          [[ $sclient_success -eq 2 ]] && sclient_success=0
+          [[ $sclient_success -eq 0 ]] && vuln_exportdh_ciphers=true
     elif [[ $nr_supported_ciphers -ne 0 ]]; then
          $OPENSSL s_client $(s_client_options "$STARTTLS $BUGS -cipher $exportdh_cipher_list -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE </dev/null
          sclient_connect_successful $? $TMPFILE
-          sclient_success=$?
+          [[ $? -eq 0 ]] && vuln_exportdh_ciphers=true
          debugme grep -Ea "error|failure" $ERRFILE | grep -Eav "unable to get local|verify error"
     fi
-     [[ $sclient_success -eq 0 ]] && \
-          vuln_exportdh_ciphers=true || \
-          vuln_exportdh_ciphers=false

     if [[ $DEBUG -ge 2 ]]; then
          if "$using_sockets"; then