From cce57c46134416edf7c60a6cb29f1b307777f47c Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Wed, 22 Jan 2020 11:20:34 -0500
Subject: [PATCH] Fix run_ssl_poodle()

PR #1463 changed run_ssl_poodle() to only run the test if it is known that the server supports SSLv3. However, support for SSLv3 may be unknown at the time run_ssl_poodle() is run (e.g., if the server supports TLS 1 and SSLv3, and run_ssl_poodle() is the first test performed). So, run_ssl_poodle() should perform testing unless it is known that SSLv3 is not supported.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index f73afe6..6fd03b2 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -14798,7 +14798,7 @@ run_ssl_poodle() {
      [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln
      pr_bold " POODLE, SSL"; out " ($cve)               "
 
-     if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -ne 0 ]]; then
+     if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -eq 1 ]]; then
           # one condition should normally suffice but we don't know when run_poddle() was called
           pr_svrty_best "not vulnerable (OK)"
           outln ", no SSLv3 support"