From cec5726f30da8c315c2402750f1c5bf4bc40c2ce Mon Sep 17 00:00:00 2001
From: Dirk <dirk@testssl.sh>
Date: Fri, 10 Jul 2020 19:52:47 +0200
Subject: [PATCH] Revised risk for BREACH --> medium

---
 testssl.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index c18299c..425f17b 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -16102,7 +16102,7 @@ run_breach() {
                ret=1
                ;;
           no_compression)
-               pr_svrty_best "no gzip/deflate/compress/br HTTP compression (OK) "
+               pr_svrty_good "no gzip/deflate/compress/br HTTP compression (OK) "
                outln "$disclaimer"
                fileout "$jsonID" "OK" "not vulnerable, no gzip/deflate/compress/br HTTP compression $disclaimer" "$cve" "$cwe"
                ret=0
@@ -16150,10 +16150,10 @@ run_breach() {
                          fi
                     done
                     detected_compression="$(strip_trailing_space "$detected_compression")"
-                    pr_svrty_high "potentially NOT ok, \"$detected_compression\" HTTP compression detected."
+                    pr_svrty_medium "potentially NOT ok, \"$detected_compression\" HTTP compression detected."
                     outln "$disclaimer"
                     outln "${spaces}${when_makesense}"
-                    fileout "$jsonID" "HIGH" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
+                    fileout "$jsonID" "MEDIUM" "potentially VULNERABLE, $detected_compression HTTP compression detected $disclaimer" "$cve" "$cwe" "$hint"
                fi
                debugme outln "${spaces}has_compression: ${has_compression[@]}"
                ;;