Fix run_ssl_poodle()

PR #1463 changed run_ssl_poodle() to only run the test if it is known that the server supports SSLv3. However, support for SSLv3 may be unknown at the time run_ssl_poodle() is run (e.g., if the server supports TLS 1 and SSLv3, and run_ssl_poodle() is the first test performed). So, run_ssl_poodle() should perform testing unless it is known that SSLv3 is not supported.
David Cooper 2020-01-22 11:20:34 -05:00 committed by GitHub
parent 2181061c6e
commit cce57c4613
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -14798,7 +14798,7 @@ run_ssl_poodle() {
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for SSLv3 POODLE (Padding Oracle On Downgraded Legacy Encryption) " && outln
pr_bold " POODLE, SSL"; out " ($cve) " pr_bold " POODLE, SSL"; out " ($cve) "
if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -ne 0 ]]; then if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -eq 1 ]]; then
# one condition should normally suffice but we don't know when run_poddle() was called # one condition should normally suffice but we don't know when run_poddle() was called
pr_svrty_best "not vulnerable (OK)" pr_svrty_best "not vulnerable (OK)"
outln ", no SSLv3 support" outln ", no SSLv3 support"
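Review bot: the changed condition `[[ $(has_server_protocol ssl3) -eq 1 ]]` compares what has_server_protocol prints on stdout, not its exit status, so please confirm the function echoes its result. If it only signals via `return`, the substitution is empty, `-eq 1` never matches, and the "no SSLv3 support" shortcut is reached only through `$TLS13_ONLY`; the test would then run against servers already known to lack SSLv3. In that case, call the function directly and test `$?` instead. The comment on the next line would also benefit from stating which value means "known not supported" versus "unknown", since that distinction is the whole point of switching from `-ne 0` to `-eq 1`, and it still misspells the function name as run_poddle().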