Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-10 18:50:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

don't parse invalid server reply for SSLv2

Browse Source
This commit is contained in:
typingArtist 2016-11-23 12:38:32 +01:00
parent 071edc794c
commit f3940bae0f
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
testssl.sh
View File

@ -6349,6 +6349,7 @@ parse_sslv2_serverhello() {
# [cipher spec length] ==> ciphers GOOD: HERE ARE ALL CIPHERS ALREADY! # [cipher spec length] ==> ciphers GOOD: HERE ARE ALL CIPHERS ALREADY!
local ret=3 local ret=3
local invalid=0
if [[ "$2" == "true" ]]; then if [[ "$2" == "true" ]]; then
echo "======================================" > $TMPFILE echo "======================================" > $TMPFILE
fi fi
@ -6372,6 +6373,7 @@ parse_sslv2_serverhello() {
if [[ $v2_hello_initbyte != "8" ]] || [[ $v2_hello_handshake != "04" ]]; then if [[ $v2_hello_initbyte != "8" ]] || [[ $v2_hello_handshake != "04" ]]; then
ret=1 ret=1
invalid=1
if [[ $DEBUG -ge 2 ]]; then if [[ $DEBUG -ge 2 ]]; then
echo "no correct server hello" echo "no correct server hello"
echo "SSLv2 server init byte: 0x0$v2_hello_initbyte" echo "SSLv2 server init byte: 0x0$v2_hello_initbyte"
@ -6400,7 +6402,7 @@ parse_sslv2_serverhello() {
fi fi
# Output list of supported ciphers # Output list of supported ciphers
if [[ "$2" == "true" ]]; then if [[ "$2" == "true" && "$invalid" == 0 ]]; then
let offset=26+$certificate_len let offset=26+$certificate_len
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
for (( i=0 ; i<nr_ciphers_detected; i++ )); do for (( i=0 ; i<nr_ciphers_detected; i++ )); do