Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2617 from dcooper16/fix2615

Browse Source 
Fix #2615
This commit is contained in:
Dirk Wetter
2025-01-16 16:51:47 +01:00
committed by GitHub
parent ef92cc70c9 8e184b886e
commit daf0671878
1 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@@ -11079,25 +11079,27 @@ run_fs() {
# A few servers get confused if the signature_algorithms extension contains too many entries. So:
# * For TLS 1.3, break the list into two and test each half separately.
# * For TLS 1.2, generally limit the signature_algorithms extension to algorithms that are consistent with the key type.
# At least one server gets confused if RSA+MD5 is offered first. So, the ordering is reversed so that the strongest
# options appear in $sigalgs_to_test first.
for hexc in "${sigalgs_hex[@]}"; do
if [[ "$proto" == 04* ]]; then
if ! "${tls13_supported_sigalgs[i]}"; then
if [[ "${proto##*-}" == 01 ]]; then
[[ $i -le 16 ]] && sigalgs_to_test+=", $hexc"
[[ $i -le 16 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test"
else
[[ $i -gt 16 ]] && sigalgs_to_test+=", $hexc"
[[ $i -gt 16 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test"
fi
fi
elif ! "${tls12_supported_sigalgs[i]}"; then
if [[ "$proto" =~ rsa ]]; then
if [[ "${hexc:3:2}" == 01 ]] || [[ "${hexc:0:2}" == 08 ]]; then
sigalgs_to_test+=", $hexc"
sigalgs_to_test=", $hexc$sigalgs_to_test"
fi
elif [[ "$proto" =~ dss ]]; then
[[ "${hexc:3:2}" == 02 ]] && sigalgs_to_test+=", $hexc"
[[ "${hexc:3:2}" == 02 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test"
else
if [[ "${hexc:3:2}" == 03 ]] || [[ "${hexc:0:2}" == 08 ]]; then
sigalgs_to_test+=", $hexc"
sigalgs_to_test=", $hexc$sigalgs_to_test"
fi
fi
fi