decal / ssltest-stls Goto Github PK

Hi

options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160))

should be

options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')

Doesn't id? The last single quote is lost.

Thanks,
Bin Liu

As far as I recall, each of these protocols has a method for checking whether STARTTLS is even available, which should be used prior to attempting it. It would be good to see such checks in place.

Additionally, it should also be possible to autodetect which of these STARTTLS protocols to attempt based on initial messages from the server, which should identify which protocol it expects. This would remove the need to manually identify the protocol on the commandline at all, something the OpenSSL team could also implement, but likely won't. It would simplify security-testing scripts calling this one.

Finally, the STARTTLS switch could likely be removed altogether if a TLS header check was implemented. If we're already in TLS mode, skip STARTTLS and run the test. Otherwise, check for STARTTLS support - if supported, enter TLS mode and continue the test; if not, quit gracefully, informing the user that the target doesn't support TLS.

Just some thoughts.