@@ -17107,13 +17107,14 @@ run_renego() {
1710717107 else
1710817108 # Clear the log to not get the content of previous run before the execution of the new one.
1710917109 echo -n > $TMPFILE
17110- touch $TEMPDIR/not_killed
17110+ #RENEGOTIATING wait loop watchdog file
17111+ touch $TEMPDIR/allowed_to_loop
1711117112 # If we dont wait for the session to be established on slow server, we will try to re-negotiate
1711217113 # too early losing all the attempts before the session establishment as OpenSSL will not buffer them
1711317114 # (only the first will be till the establishement of the session).
1711417115 (j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]]; do sleep $ssl_reneg_wait; j=$(($j+1)); done; \
1711517116 for ((i=0; i < $ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; j=0; \
17116- while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/not_killed ]] && [[ $k -lt 180 ]]; \
17117+ while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/allowed_to_loop ]] && [[ $k -lt 180 ]]; \
1711717118 do sleep $ssl_reneg_wait; k=$(($k+1)); done; \
1711817119 done) | \
1711917120 $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
@@ -17125,11 +17126,12 @@ run_renego() {
1712517126 tmp_result=$?
1712617127 pkill -HUP -P $watcher
1712717128 wait $watcher
17129+ rm -f $TEMPDIR/allowed_to_loop
1712817130 # If we are here, we have done two successful renegotiation (-2) and do the loop
1712917131 loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE )-2))
1713017132 if [[ -f $TEMPDIR/was_killed ]]; then
1713117133 tmp_result=2
17132- rm -f $TEMPDIR/not_killed
17134+ rm -f $TEMPDIR/was_killed
1713317135 fi
1713417136 case $tmp_result in
1713517137 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
0 commit comments