mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-29 04:49:44 +01:00
Correct client_renego timing bug.
OpenSSL will buffer only the first command till the establishment of the session. In case of slow session establishment, we could: * loose some renego trys missing proper mitigation implementation * loose some renego trys missing a real vulnerable host if 2/3 of the tries are lost during session establishment (very slow startup). Wait for the session to be fully establised before starting the renego loop.
This commit is contained in:
parent
62b5859d52
commit
faae91edbc
@ -17080,7 +17080,13 @@ run_renego() {
|
||||
pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
|
||||
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
|
||||
else
|
||||
(for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; done) | \
|
||||
# Clear the log to not get the content of previous run before the execution of the new one.
|
||||
echo -n > $TMPFILE
|
||||
# If we dont wait for the session to be established on slow server, we will try to re-negotiate
|
||||
# too early loosing all the attemps before the session establishment as OpenSSL will not buffer them
|
||||
# (only the first will be till the establishement of the session).
|
||||
(while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]]; do sleep 1; done; \
|
||||
for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; done) | \
|
||||
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
|
||||
pid=$!
|
||||
( sleep $(($ssl_reneg_attempts*3)) && kill $pid && touch $TEMPDIR/was_killed ) >&2 2>/dev/null &
|
||||
|
Loading…
Reference in New Issue
Block a user