Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-02-27 10:01:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Remove obsolete comment that SNI is not needed for ticketbleed

Browse Source 
See also aa5d4917cf (r1954824502)
This commit is contained in:
Dirk 2025-02-15 13:33:52 +01:00
parent 4b57f4c9f9
commit e79dc8161e
1 changed files with 0 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@ -16980,8 +16980,6 @@ run_ticketbleed() {
#FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output #FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output
# from a previous handshake) --> would save 1x connect. We have TLS_TICKET but not yet the ticket itself #FIXME # from a previous handshake) --> would save 1x connect. We have TLS_TICKET but not yet the ticket itself #FIXME
#ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerability of the TLS stack. If we'd do SNI here, we'd also need
# it in the ClientHello of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work!
# #
$OPENSSL s_client $(s_client_options "$BUGS $tls_proto $PROXY $SNI -connect $NODEIP:$PORT") </dev/null >$TMPFILE 2>$ERRFILE $OPENSSL s_client $(s_client_options "$BUGS $tls_proto $PROXY $SNI -connect $NODEIP:$PORT") </dev/null >$TMPFILE 2>$ERRFILE
sclient_connect_successful $? "$TMPFILE" sclient_connect_successful $? "$TMPFILE"