LittleNellie/cipherscan
2
0
Fork 0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 06:13:42 +01:00
Code Issues Releases Wiki Activity

force at least TLSv1.0 in curves tolerance test

Browse Source 
because to advertise curves to server we need extensions and
extensions are only available in TLSv1.0 or later, we need to force
OpenSSL not to send SSLv2 compatible hello if it thinks it's ok to
do (when there are SSLv2 ciphers present in cipherstring it will try to)
This commit is contained in:
Hubert Kario 2014-11-07 02:21:29 +01:00 committed by Julien Vehent
parent c52e008347
commit 224227cc5e
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cipherscan
View File

@ -758,6 +758,9 @@ test_ecc_curves() {
sslcommand+=" -CAfile $CACERTS"
fi
sslcommand+=" -status $SCLIENTARGS -connect $TARGET -cipher $ecc_ciphers"
# force the TLS to send a TLS1.0 client hello at least, as with SSLv2
# ciphers present it will try to send a SSLv2 compatible client hello
sslcommand+=" -no_ssl2 -no_ssl3"
#
# here we use the same logic as with detecting cipher suites: first