@@ -305,7 +305,7 @@ TMPFILE=""
305305ERRFILE=""
306306CLIENT_AUTH=false
307307TLS_TICKETS=false
308- NO_SSL_SESSIONID=false
308+ NO_SSL_SESSIONID=true
309309CERT_COMPRESSION=${CERT_COMPRESSION:-false} # secret flag to set in addition to --devel for certificate compression
310310HOSTCERT="" # File with host certificate, without intermediate certificate
311311HEADERFILE=""
@@ -7183,14 +7183,19 @@ tls_time() {
71837183#
71847184sclient_connect_successful() {
71857185 local server_hello="$(cat -v "$2")"
7186+ local connect_success=false
71867187 local re='Master-Key: ([^\
71877188]*)'
71887189
7189- [[ $1 -eq 0 ]] && return 0
7190- if [[ "$server_hello" =~ $re ]]; then
7191- [[ -n "${BASH_REMATCH[1]}" ]] && return 0
7190+ [[ $1 -eq 0 ]] && connect_success=true
7191+ if ! "$connect_success" && [[ "$server_hello" =~ $re ]]; then
7192+ [[ -n "${BASH_REMATCH[1]}" ]] && connect_success=true
7193+ fi
7194+ ! "$connect_success" && [[ "$server_hello" =~ (New|Reused)", "(SSLv[23]|TLSv1(\.[0-3])?(\/SSLv3)?)", Cipher is "([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]] && connect_success=true
7195+ if "$connect_success"; then
7196+ "$NO_SSL_SESSIONID" && [[ "$server_hello" =~ Session-ID:\ [a-fA-F0-9]{2,64} ]] && NO_SSL_SESSIONID=false
7197+ return 0
71927198 fi
7193- [[ "$server_hello" =~ (New|Reused)", "(SSLv[23]|TLSv1(\.[0-3])?(\/SSLv3)?)", Cipher is "([A-Z0-9]+-[A-Za-z0-9\-]+|TLS_[A-Za-z0-9_]+) ]] && return 0
71947199 # what's left now is: master key empty and Session-ID not empty
71957200 # ==> probably client-based auth with x509 certificate. We handle that at other places
71967201 #
@@ -12496,6 +12501,7 @@ parse_tls_serverhello() {
1249612501 fi
1249712502 done
1249812503 fi
12504+ [[ "0x${DETECTED_TLS_VERSION:2:2}" -le "0x03" ]] && [[ $tls_sid_len -gt 0 ]] && NO_SSL_SESSIONID=false
1249912505
1250012506 if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
1250112507 echo "Protocol : SSLv3" >> $TMPFILE
@@ -18389,7 +18395,7 @@ sclient_auth() {
1838918395 fi
1839018396 fi
1839118397 [[ $ret -eq 0 ]] && \
18392- [[ -z $(awk '/Session-ID: / { print $2 }' "$2") ]] && NO_SSL_SESSIONID=true # NO_SSL_SESSIONID is preset globally first
18398+ [[ -n $(awk '/Session-ID: / { print $2 }' "$2") ]] && NO_SSL_SESSIONID=false
1839318399 return $ret
1839418400}
1839518401
@@ -20161,7 +20167,7 @@ reset_hostdepended_vars() {
2016120167 KNOWN_OSSL_PROB=false
2016220168 TLS13_ONLY=false
2016320169 CLIENT_AUTH=false
20164- NO_SSL_SESSIONID=false
20170+ NO_SSL_SESSIONID=true
2016520171 DH_GROUP_OFFERED=""
2016620172 DH_GROUP_LEN_P=0
2016720173 KEY_SHARE_EXTN_NR="33"
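Review bot: In the sclient_connect_successful hunk the new `Session-ID:` match has no protocol guard, whereas the line added to parse_tls_serverhello clears NO_SSL_SESSIONID only for versions up to TLS 1.2 (`-le "0x03"`). If openssl prints a Session-ID line for a TLS 1.3 handshake (it appears to, as part of the session block), a TLS 1.3 connection could flip the flag and later session-ID resumption checks would rest on a capability the server never demonstrated; the awk test in the sclient_auth hunk has the same gap. Consider gating the s_client paths the same way, e.g. `"$NO_SSL_SESSIONID" && [[ ! "$server_hello" =~ TLSv1\.3 ]] && [[ "$server_hello" =~ Session-ID:\ [a-fA-F0-9]{2,64} ]] && NO_SSL_SESSIONID=false`. The removed comment also leaves the inverted default undocumented, so a note at the global declaration such as `# true until a server-issued session ID is observed; only ever cleared, never set again per host` would help. Both functions continue outside the hunks shown, so a caller that already filters TLS 1.3 may cover this.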