Description of problem:
When using sslscan against a server that is configured to only allow requests based with a valid client SSL certificate (aka bi-directional authentication), and sslscan cannot offer such a certificate, sslscan will not report any results.
The problem is the same as xambroz with DinoTools version DinoTools/sslscan#8
MarcT512 added a commit to MarcT512/sslscan that referenced this issue Jul 10, 2019
RFC: Experimental support for servers which require a client certificate (Fixes rbsec#119).
Fix: Typo s/response/respond in "Some servers will fail to response to SSLv3 ciphers over STARTTLS"
Fix: Logic error prevents show trusted CAs running with checkCertificate == true.
RFC patch to enable scanning of servers which require a client certificate.
How: Allow tests to continue in the event the SSL_connect() fails with certain "acceptable" errors. These are:
SSL alert 40 (Handshake failure)
SSL alert 46 (Certificate Unknown)
SSL alert 42 (Bad Certificate)
Testing is encouraged. Unfortunately I cannot provide any public test cases.
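Alert 40 is also the alert a server returns when it shares no cipher suite with the client, so a scanner that tolerates it needs to know whether the server had already sent a ServerHello. The added example below (not code from the commit or from sslscan; the enum and function names are hypothetical, the byte strings are constructed, and it assumes plaintext TLS 1.2-or-earlier records with ServerHello at the start of its record) makes that distinction on the raw records.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical verdicts for one cipher probe (not sslscan's own names). */
enum probe_result { PROBE_REJECTED, CIPHER_OK_CLIENT_CERT_REQUIRED,
                    CIPHER_OK, PROBE_INCONCLUSIVE };

/* Constructed sample: fatal alert 40 with no ServerHello before it. */
static const uint8_t sample_rejected[] = { 0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28 };
/* Constructed sample: ServerHello record (body cut to its 4-byte handshake
 * header), followed by the same fatal alert 40. */
static const uint8_t sample_cert_required[] = {
    0x16, 0x03, 0x03, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00,
    0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28 };

/* The three alerts named in the commit message: 40, 42 and 46. */
static int is_listed_alert(uint8_t desc) {
    return desc == 40 || desc == 42 || desc == 46;
}

/* Classify the bytes a server sent back for one probe. */
enum probe_result classify_probe(const uint8_t *buf, size_t len) {
    int saw_server_hello = 0;
    size_t off = 0;
    while (off + 5 <= len) {                /* 5-byte TLS record header */
        uint8_t type = buf[off];
        size_t rec_len = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        const uint8_t *body = buf + off + 5;
        if (rec_len == 0 || rec_len > len - off - 5)
            return PROBE_INCONCLUSIVE;      /* truncated or malformed record */
        if (type == 22 && body[0] == 2) {   /* handshake record: ServerHello */
            saw_server_hello = 1;
        } else if (type == 21) {            /* alert record: level, description */
            if (rec_len != 2)
                return PROBE_INCONCLUSIVE;
            if (!saw_server_hello)
                return PROBE_REJECTED;      /* server never chose a cipher */
            return is_listed_alert(body[1]) ? CIPHER_OK_CLIENT_CERT_REQUIRED
                                            : PROBE_INCONCLUSIVE;
        }
        off += 5 + rec_len;
    }
    return saw_server_hello ? CIPHER_OK : PROBE_INCONCLUSIVE;
}

int main(void) {
    return !(classify_probe(sample_rejected, sizeof sample_rejected) == PROBE_REJECTED &&
             classify_probe(sample_cert_required, sizeof sample_cert_required)
                 == CIPHER_OK_CLIENT_CERT_REQUIRED);
}
```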