mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-16 11:53:43 +01:00
force at least TLSv1.0 in curves tolerance test
because to advertise curves to server we need extensions and extensions are only available in TLSv1.0 or later, we need to force OpenSSL not to send SSLv2 compatible hello if it thinks it's ok to do (when there are SSLv2 ciphers present in cipherstring it will try to)
This commit is contained in:
parent
b5ce264ea3
commit
65ad1a7385
@ -758,6 +758,9 @@ test_ecc_curves() {
|
|||||||
sslcommand+=" -CAfile $CACERTS"
|
sslcommand+=" -CAfile $CACERTS"
|
||||||
fi
|
fi
|
||||||
sslcommand+=" -status $SCLIENTARGS -connect $TARGET -cipher $ecc_ciphers"
|
sslcommand+=" -status $SCLIENTARGS -connect $TARGET -cipher $ecc_ciphers"
|
||||||
|
# force the TLS to send a TLS1.0 client hello at least, as with SSLv2
|
||||||
|
# ciphers present it will try to send a SSLv2 compatible client hello
|
||||||
|
sslcommand+=" -no_ssl2 -no_ssl3"
|
||||||
|
|
||||||
#
|
#
|
||||||
# here we use the same logic as with detecting cipher suites: first
|
# here we use the same logic as with detecting cipher suites: first
|
||||||
|
Loading…
Reference in New Issue
Block a user