@@ -17107,13 +17107,14 @@ run_renego() {
1710717107 else
1710817108 # Clear the log to not get the content of previous run before the execution of the new one.
1710917109 echo -n > $TMPFILE
17110+ touch $TEMPDIR/not_killed
1711017111 # If we dont wait for the session to be established on slow server, we will try to re-negotiate
1711117112 # too early losing all the attempts before the session establishment as OpenSSL will not buffer them
1711217113 # (only the first will be till the establishement of the session).
17113- (while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]]; do sleep $ssl_reneg_wait; done; \
17114- for ((i=0; i < ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; \
17115- while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ ! -f $TEMPDIR/was_killed ]]; \
17116- do sleep $ssl_reneg_wait; done; \
17114+ (j=0; while [[ $(grep -ac '^SSL-Session:' $TMPFILE) -ne 1 ]] && [[ $j -lt 30 ]] ; do sleep $ssl_reneg_wait; j=$(($j+1)) ; done; \
17115+ for ((i=0; i < $ ssl_reneg_attempts; i++ )); do echo R; sleep $ssl_reneg_wait; j=0 ; \
17116+ while [[ $(grep -ac '^RENEGOTIATING' $ERRFILE) -ne $(($i+3)) ]] && [[ -f $TEMPDIR/not_killed ]] && [[ $k -lt 180 ]]; \
17117+ do sleep $ssl_reneg_wait; k=$(($k+1)); done; \
1711717118 done) | \
1711817119 $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>>$ERRFILE &
1711917120 pid=$!
@@ -17128,10 +17129,7 @@ run_renego() {
1712817129 loop_reneg=$(($(grep -ac '^RENEGOTIATING' $ERRFILE )-2))
1712917130 if [[ -f $TEMPDIR/was_killed ]]; then
1713017131 tmp_result=2
17131- sleep $ssl_reneg_wait # let the while loop see the watchdog file
17132- sleep $ssl_reneg_wait # and
17133- sleep $ssl_reneg_wait # avoid float arithmetic
17134- rm -f $TEMPDIR/was_killed
17132+ rm -f $TEMPDIR/not_killed
1713517133 fi
1713617134 case $tmp_result in
1713717135 0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat ($ssl_reneg_attempts attempts)"
0 commit comments