Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-30 04:11:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2617 from dcooper16/fix2615

Browse Source 
Fix #2615
This commit is contained in:
Dirk Wetter 2025-01-16 16:51:47 +01:00 committed by GitHub
commit daf0671878
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@ -11079,25 +11079,27 @@ run_fs() {
# A few servers get confused if the signature_algorithms extension contains too many entries. So:
# * For TLS 1.3, break the list into two and test each half separately.
# * For TLS 1.2, generally limit the signature_algorithms extension to algorithms that are consistent with the key type.
# At least one server gets confused if RSA+MD5 is offered first. So, the ordering is reversed so that the strongest
# options appear in $sigalgs_to_test first.
for hexc in "${sigalgs_hex[@]}"; do
if [[ "$proto" == 04* ]]; then
if ! "${tls13_supported_sigalgs[i]}"; then
if [[ "${proto##*-}" == 01 ]]; then
[[ $i -le 16 ]] && sigalgs_to_test+=", $hexc"
[[ $i -le 16 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test"
else
[[ $i -gt 16 ]] && sigalgs_to_test+=", $hexc"
[[ $i -gt 16 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test"
fi
fi
elif ! "${tls12_supported_sigalgs[i]}"; then
if [[ "$proto" =~ rsa ]]; then
if [[ "${hexc:3:2}" == 01 ]] || [[ "${hexc:0:2}" == 08 ]]; then
sigalgs_to_test+=", $hexc"
sigalgs_to_test=", $hexc$sigalgs_to_test"
fi
elif [[ "$proto" =~ dss ]]; then
[[ "${hexc:3:2}" == 02 ]] && sigalgs_to_test+=", $hexc"
[[ "${hexc:3:2}" == 02 ]] && sigalgs_to_test=", $hexc$sigalgs_to_test"
else
if [[ "${hexc:3:2}" == 03 ]] || [[ "${hexc:0:2}" == 08 ]]; then
sigalgs_to_test+=", $hexc"
sigalgs_to_test=", $hexc$sigalgs_to_test"
fi
fi
fi