Merge pull request #2273 from dcooper16/fix2271_30

drwetter · web-flow · commit 3261e6e7a943 · 2022-11-11T16:28:48.000+01:00
Fix #2271
diff --git a/testssl.sh b/testssl.sh
@@ -15646,7 +15646,7 @@ run_drown() {
      # to $CERT_FINGERPRINT_SHA2, so if $CERT_FINGERPRINT_SHA2 is not empty, but
      # $RSA_CERT_FINGERPRINT_SHA2 is empty, then the server doesn't have an RSA certificate.
      if [[ -z "$CERT_FINGERPRINT_SHA2" ]]; then
-          get_host_cert "-cipher aRSA"
+          get_host_cert "-cipher aRSA -no_ssl2"
           [[ $? -eq 0 ]] && cert_fingerprint_sha2="$($OPENSSL x509 -noout -in $HOSTCERT -fingerprint -sha256 2>>$ERRFILE | sed -e 's/^.*Fingerprint=//' -e 's/://g' )"
      else
           cert_fingerprint_sha2="$RSA_CERT_FINGERPRINT_SHA2"
