			
		
		
		
	Merge pull request #451 from dcooper16/beast_no_ssl3
Warning on BEAST when no local SSLv3 support
		
						commit
						b9c0ac9ee3
					
				
							
								
								
									
										14
									
								
								testssl.sh
									
									
									
									
									
								
							
							
						
						
									
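--- a/testssl.sh
+++ b/testssl.sh
@@ -6742,11 +6742,21 @@ run_beast(){
      done
 
      for proto in ssl3 tls1; do
+          if [[ "$proto" == "ssl3" ]] && ! locally_supported "-$proto"; then
+               continued=true
+               out "                                           "
+               continue
+          fi
           $OPENSSL s_client -"$proto" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI >$TMPFILE 2>>$ERRFILE </dev/null
           if ! sclient_connect_successful $? $TMPFILE; then      # protocol supported?
                if "$continued"; then                             # second round: we hit TLS1
-                    pr_done_goodln "no SSL3 or TLS1 (OK)"
-                    fileout "beast" "OK" "BEAST (CVE-2011-3389) : not vulnerable (OK) no SSL3 or TLS1"
+                    if "$HAS_SSL3"; then
+                         pr_done_goodln "no SSL3 or TLS1 (OK)"
+                         fileout "beast" "OK" "BEAST (CVE-2011-3389) : not vulnerable (OK) no SSL3 or TLS1"
+                    else
+                         pr_done_goodln "no TLS1 (OK)"
+                         fileout "beast" "OK" "BEAST (CVE-2011-3389) : not vulnerable (OK) no TLS1"
+                    fi
                     return 0
                else                # protocol not succeeded but it's the first time
                     continued=true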
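Review bot: In the new `else` branch under `if "$HAS_SSL3"`, the result is still written as `fileout "beast" "OK" …` with "not vulnerable", although SSLv3 was skipped rather than tested when the local OpenSSL lacks it, so a server that still offers SSLv3 CBC ciphers would be recorded as clean in the file output. Any on-screen warning presumably comes from `locally_supported`, which is not visible here; the machine-readable record should carry the caveat too, for example `fileout "beast" "OK" "BEAST (CVE-2011-3389) : no TLS1, SSLv3 not tested (no local support)"`, ideally with a severity other than "OK" if the project has one for inconclusive checks. The skip is decided by `locally_supported "-$proto"` while the message is chosen by `$HAS_SSL3`; using a single source for both would keep the two from disagreeing. `run_beast` starts and ends outside this hunk.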