From cb971b5336c43d8e8331e5baeea617b37c7cb4ee Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Mon, 21 Jul 2025 10:08:25 +0200
Subject: [PATCH] Doing a better guess for Opossum when tcp/80 is not a/v

This labels the result of a failed test for reaching
port 80 when no direct connection is possible as likely not
vulnerable.

This seems safe to say, as there's another check whether
a proxy is configured, like for corporate environments where
a connection is only allowed though the proxy.
---
 testssl.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index e362ad7..425103c 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17735,8 +17735,10 @@ run_opossum() {
                          prln_local_problem "direct connection to port 80 failed, better try without proxy"
                          fileout "$jsonID" "WARN" "direct connection to port 80 failed, try w/o no proxy" "$cve" "$cwe"
                     else
-                         outln "connection to port 80 failed"
-                         fileout "$jsonID" "INFO" "connection to port 80 failed" "$cve" "$cwe"
+                         out "likely "
+                         pr_svrty_good "not vulnerable (OK)"
+                         outln ", connection to port 80 failed"
+                         fileout "$jsonID" "OK" "connection to port 80 failed" "$cve" "$cwe"
                     fi
                fi
           ;;