Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

$FAST option + Local problem: /home/testssl/bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3" #1732

Open
binary64 opened this issue Sep 24, 2020 · 1 comment
Open

$FAST option + Local problem: /home/testssl/bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3" #1732

binary64 opened this issue Sep 24, 2020 · 1 comment
Labels
duplicate feature

Comments

@binary64
Copy link

Please make sure that you provide enough information so that we understand what your issue is about.

  1. Did you check the documentation in ~/doc/ or, if it is a different problem: Did you google for it?
    Yes only 2 false hits.

  2. uname -a
    Linux testing 4.19.0-10-cloud-amd64 Heartbleed for STARTTLS #1 SMP Debian 4.19.132-1 (2020-07-24) x86_64 GNU/Linux

  3. testssl version from the banner: testssl.sh -b 2>/dev/null | head -4 | tail -2
    ###########################################################
    testssl.sh 3.1dev from https://testssl.sh/dev/

    This program is free software. Distribution and
    modification under GPLv2 permitted.
    USAGE w/o ANY WARRANTY. USE IT AT YOUR OWN RISK!

    Please file bugs @ https://testssl.sh/bugs/

###########################################################

Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
on 756068a00b72:/home/testssl/bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")

  1. git log | head -1 (if running from git repo)

  2. openssl version used by testssl.sh: testssl.sh -b 2>/dev/null | awk -F':' '/openssl/ { print $2}'

openssl version

OpenSSL 1.1.1d 10 Sep 2019

  1. steps to reproduce: testssl.sh or docker command line, if possible incl. host
    docker run --rm -ti -v "${PWD}":/out/:rw drwetter/testssl.sh --severity LOW --fast --sneaky --jsonfile /out --color 0 --warnings batch XXX.XXXXX.com

  2. what exactly was happening, output is needed
    TLSv1.3 (no server order, thus listed by strength)
    Local problem: /home/testssl/bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3"
    Local problem: Your /home/testssl/bin/openssl.Linux.x86_64 does not support -tls1_3

  3. what did you expect instead?
    No "Local problems"
@drwetter
Copy link
Collaborator

Ok, thanks.

Yeah, the --fast option is/was a legacy thing. Actually I thought removing it, see #849.

That was before David implemented TLS 1.3. Also before ROBOT was there (David) So there might be some food for my thought in order to reconsider it and document it properly - other than in the help it doesn't show up.

The idea would be: use --fast to get an overview only. So no ROBOT check but use sockets for TLS 1.3 (or when a different openssl version is used as the one distributed) SSLv2+SSLv3 in sockets.

That will require a bit of time though which I can't dedicate atm. I won't stop anybody of giving a hand here though.

@drwetter drwetter changed the title Local problem: /home/testssl/bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3" $FAST option + Local problem: /home/testssl/bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3" Oct 3, 2020
@polarathene polarathene mentioned this issue Apr 4, 2023
Closed
drwetter added a commit that referenced this issue Aug 28, 2023
@drwetter
Deprecating $FAST / --fast
d196751 
As this option shows inconsistencies / wrong results and a fix would require
too much work at this moment this option is being hidden from the help. It
wasn't in the ~/doc .

See #849 , #2382, #1732 etc.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
duplicate feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@binary64 @drwetter