From a20d98bbfae53a77ca5871e87de3ed05f8bc8304 Mon Sep 17 00:00:00 2001
From: David Cooper
Date: Fri, 28 Jul 2017 12:07:29 -0400
Subject: [PATCH] Make two attempts to connect with TLSv1.2

In `run_protocols()` for TLS 1.2, try one set of 127 ciphers and if the result isn't a connection at TLSv1.2 then try another set of 127 ciphers before giving up and assuming that TLS 1.2 isn't supported.
---
 testssl.sh | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 1e7a88a..c9ba3cd 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -3831,6 +3831,7 @@ run_protocols() {
 local latest_supported="" # version.major and version.minor of highest version supported by the server.
 local detected_version_string latest_supported_string
 local lines nr_ciphers_detected
+ local -i ret
 outln; pr_headline " Testing protocols "
@@ -4029,10 +4030,16 @@ run_protocols() {
 pr_bold " TLS 1.2 ";
 if "$using_sockets"; then
 tls_sockets "03" "$TLS12_CIPHER"
+ ret=$?
+ if [[ $ret -ne 0 ]]; then
+ tls_sockets "03" "$TLS12_CIPHER_2ND_TRY"
+ [[ $? -eq 0 ]] && ret=0
+ fi
 else
 run_prototest_openssl "-tls1_2"
+ ret=$?
 fi
- case $? in
+ case $ret in
 0) prln_done_best "offered (OK)"
 fileout "tls1_2" "OK" "TLSv1.2 is offered"
 latest_supported="0303"
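Review bot: In the sockets branch of the second hunk, when the retry with `$TLS12_CIPHER_2ND_TRY` also fails its return code is dropped by `[[ $? -eq 0 ]] && ret=0`, so `case $ret` acts on the first attempt's code while any state `tls_sockets` leaves behind for the later branches (presumably what feeds `detected_version_string`, declared in the first hunk) comes from the second call. If the two attempts fail differently, the reported TLS 1.2 result could pair one attempt's code with the other's detected version, which would make the scan report wrong rather than merely incomplete. I would save whatever the later branches read right after the first `ret=$?`, before the retry overwrites it, and add a comment such as `# second cipher set: only a successful handshake overrides the first result`. The `case` statement and the rest of `run_protocols()` continue outside the hunk, so the branches that consume this state are not visible here.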