Make sensitivity of is_vulnerable_to_client_renegotiation_dos configu…
…rable
mxsasha committed Aug 20, 2024
1 parent 761892b commit c7dee9a
Showing 2 changed files with 5 additions and 1 deletion.
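--- a/sslyze/plugins/session_renegotiation_plugin.py
+++ b/sslyze/plugins/session_renegotiation_plugin.py
@@ -180,7 +180,7 @@ def _test_client_renegotiation(server_info: ServerConnectivityInfo) -> Tuple[_Sc
 try:
 # Do a reneg multiple times in a row to be 100% sure that the server has no mitigations in place
 # https://github.com/nabla-c0d3/sslyze/issues/473
-for i in range(10):
+for i in range(server_info.network_configuration.client_renegotiation_attempts):
 ssl_connection.ssl_client.do_renegotiate()
 accepts_client_renegotiation = True
 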
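Review bot: The bound on the new `for i in range(server_info.network_configuration.client_renegotiation_attempts):` line is used without any range check, so a configured value of 0 or a negative number means the loop body never runs and no renegotiation is attempted. Indentation is lost on this page, but if `accepts_client_renegotiation = True` follows the loop rather than sitting inside it, such a configuration would report every server that reaches this point as accepting client renegotiation. The value should be rejected where it is set, for example with `if self.client_renegotiation_attempts < 1: raise ValueError("client_renegotiation_attempts must be at least 1")` in the configuration class's validation; `i` is also unused, so `_` would read better. The body of `_test_client_renegotiation` starts and ends outside the hunk.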
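--- a/sslyze/server_setting.py
+++ b/sslyze/server_setting.py
@@ -173,6 +173,9 @@ class ServerNetworkConfiguration:
 xmpp_to_hostname: The hostname to set within the `to` attribute of the XMPP stream. If not supplied, the
 server's hostname will be used. Should only be set if the supplied `tls_wrapped_protocol` is an
 XMPP protocol.
+client_renegotiation_attempts: The number of attempts to make when testing the client initiated
+renegotiation DoS vector. If the server accepts this many attempts,
+is_vulnerable_to_client_renegotiation_dos is set. Default: 10.
 network_timeout: The timeout (in seconds) to be used when attempting to establish a connection to the
 server.
 network_max_retries: The number of retries SSLyze will perform when attempting to establish a connection
@@ -184,6 +187,7 @@ class ServerNetworkConfiguration:
 tls_client_auth_credentials: Optional[ClientAuthenticationCredentials] = None
 
 xmpp_to_hostname: Optional[str] = None
+client_renegotiation_attempts: int = 10
 
 network_timeout: int = 5
 network_max_retries: int = 3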
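Review bot: The new field `client_renegotiation_attempts: int = 10` is inserted between `xmpp_to_hostname` and `network_timeout`, which changes the positional order of the generated constructor if `ServerNetworkConfiguration` is a dataclass (the decorator is outside the hunk). A caller that passes `network_timeout` positionally would then silently set the renegotiation threshold instead, changing what `is_vulnerable_to_client_renegotiation_dos` reports without raising any error. Appending the field after the existing ones would keep existing call sites intact. The docstring entry documents only the default; it should also state the accepted range, e.g. `Must be at least 1.`. The class body continues outside both hunks.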
