Sluggish execution for --server-defaults #2382
Comments
Hello @l4rm4nd, The issue is that this server is configured to use TLS_CHACHA20_POLY1305_SHA256 as its most preferred TLS 1.3 cipher suite. When running A simple solution is to use the Running |
Thanks for the quick reply. I can confirm that the following command, using OpenSSL 3.0.9, is much faster and fixes the issue:
|
Hey @dcooper16, when I use OpenSSL specifically, the RC4 cipher checks will not work, as those are not enabled for OpenSSL anymore in newer versions. I assume I would have to build OpenSSL manually and enable those in order to test for RC4 with testssl.sh. Any other ideas on how RC4 may be scanned without building OpenSSL from source? Thanks in advance! |
Hello @l4rm4nd, Can you point to a server for which the RC4 checks are not working? The RC4 checks should work even if the OpenSSL you are using does not support RC4, unless you are using the |
Hi @dcooper16, basically the same host:
In my case, this leads to the following warning:
|
Ok, removing the |
Reopening as I believe we can do better, at least for the TLS 1.3 part, like: if there's a situation we need TLS 1.3 and the supplied binary doesn't support it, check for /usr/bin/openssl. I created the PR #2384 which can be used as a basis. If anybody wants to step in (@dcooper16 ?) that would be much appreciated. |
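The fallback proposed in the comment above could be sketched as follows. This is an added example, not code from testssl.sh or PR #2384; the function names, the constructed stub binaries, and detecting TLS 1.3 support by looking for `-tls1_3` in the `s_client -help` output are assumptions.

```shell
#!/bin/sh
# Added sketch (not testssl.sh code): pick an OpenSSL binary able to do TLS 1.3,
# falling back to /usr/bin/openssl when the supplied binary cannot.

# Return 0 if the binary at $1 lists the -tls1_3 option for s_client.
# Help text goes to stderr on some builds, hence 2>&1. (Assumed detection method.)
supports_tls13() {
    [ -x "$1" ] || return 1
    "$1" s_client -help 2>&1 </dev/null | grep -q -e '-tls1_3'
}

# Print the binary to use for TLS 1.3 checks: $1 if it supports TLS 1.3,
# otherwise the fallback $2 (default /usr/bin/openssl). Return 1 if neither does,
# so the caller can warn instead of silently skipping the TLS 1.3 tests.
pick_tls13_openssl() {
    preferred=$1
    fallback=${2:-/usr/bin/openssl}
    for candidate in "$preferred" "$fallback"; do
        if supports_tls13 "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Constructed stand-in for an openssl binary: prints the option list in $2
# as its help text, so the selection logic can be exercised offline.
make_stub() {
    cat > "$1" <<EOF
#!/bin/sh
echo "Usage: s_client [options]" >&2
echo " $2" >&2
EOF
    chmod +x "$1"
}

# Demo with constructed stubs: an old build without TLS 1.3 and a newer one with it.
demo_dir=$(mktemp -d)
make_stub "$demo_dir/openssl-old" "-ssl3 -tls1 -tls1_1 -tls1_2"
make_stub "$demo_dir/openssl-new" "-tls1_2 -tls1_3"
if chosen=$(pick_tls13_openssl "$demo_dir/openssl-old" "$demo_dir/openssl-new"); then
    echo "TLS 1.3 checks would use: $chosen"
else
    echo "No TLS 1.3 capable OpenSSL found" >&2
fi
rm -rf "$demo_dir"
```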
Before you open an issue please check which version you are running and whether it is the latest in stable / dev branch
I am running version
commit 27c77071ebd03ce88c2605b6f42768ff1d55b4bf
and testssl.sh 3.2rc2
Command line / docker command to reproduce
Expected behavior
Testssl.sh returns the results in a reasonable amount of time.
Actual behavior
Testssl.sh runs almost infinitely long. Takes multiple minutes. Does not occur for other target URLs.
Your system (please complete the following information):