connected to service but Displaying all TLS Protocol disabled. #271

mansoorsajjad76 opened this issue Nov 1, 2022 · 7 comments

@mansoorsajjad76

When connecting to some services I receive the following message:
Connected to x.x.x.x

Testing SSL server x.x.x.x on port 443 using SNI name x.x.x.x

SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled

TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support

TLS renegotiation:
Session renegotiation not supported

TLS Compression:
Compression disabled

Heartbleed:

Supported Server Cipher(s):
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Certificate information cannot be retrieved.

@rbsec
Owner

rbsec commented Nov 1, 2022

Does that port actually have a functional SSL service running that accepts connections? If so, can you share a pcap?

@jtesta
Contributor

jtesta commented Jan 19, 2023

@mansoorsajjad76 : if the target service is available on the public Internet, what's its IP & port? I can try debugging the issue if I get that info.

@wizdude

wizdude commented Apr 4, 2023

I have the exact same issue here. I wanted to check the current version of TLS of an internal host only.

SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled

But if I use testssl.sh (under WSL) to scan, I get the correct results:

SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
NPN/SPDY not offered
ALPN/HTTP2 h2, http/1.1 (offered)

The above is a test from my environment. For the environment I need to test this in, I don't have the luxury of using WSL. It's all Windows based.

@jtesta
Contributor

jtesta commented Apr 4, 2023 via email

@wizdude

wizdude commented Apr 4, 2023

This server is running Windows 2019 with IIS 10.0.
This specific server also runs Exchange 2019, but I'm not sure if that's important.

The server has TLS 1.0 and TLS 1.1 disabled and is only running TLS 1.2.

@wizdude

wizdude commented Apr 4, 2023

I've provided the external hostname of this machine to you via Twitter DM.

@jtesta
Contributor

jtesta commented Apr 4, 2023

@wizdude : I just submitted a PR that fixes this issue. Giving me the hostname of the target that reproduces the problem was key in getting this fixed quickly. Thanks!!

@mansoorsajjad76 : this PR may fix your issue as well. We never received enough information from you to reproduce your issue, but you can give this patch a try and see what happens. If it's still not fixed, providing the hostname/IP of the target you're using would be a big help.
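
A scan that connects but reports every protocol as disabled, as in the outputs quoted in this thread, is a failed scan rather than evidence of a hardened server. The following is an added example (not sslscan's code and not posted by anyone in this issue) that parses sslscan's text output and flags that case so automated checks do not record it as a pass; the function names and both sample reports are constructed for illustration.

```python
import re

ANSI = re.compile(r"\x1b\[[0-9;]*m")  # sslscan colours its output by default
PROTO = re.compile(r"^(SSLv[23]|TLSv1\.[0-3])\s+(enabled|disabled)$")
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

def parse_protocols(report):
    """Return {protocol: is_enabled} from the 'SSL/TLS Protocols:' section."""
    found, in_section = {}, False
    for raw in report.splitlines():
        line = ANSI.sub("", raw).strip()
        if line.startswith("SSL/TLS Protocols:"):
            in_section = True
        elif in_section:
            m = PROTO.match(line)
            if m:
                found[m.group(1)] = m.group(2) == "enabled"
            elif line:  # the next section heading ends the block
                break
    return found

def assess(report):
    """Classify a scan as 'inconclusive', 'deprecated:<list>' or 'ok'."""
    enabled = sorted(p for p, on in parse_protocols(report).items() if on)
    if not enabled:
        # Nothing negotiated: either the port has no TLS service or the
        # scanner's handshakes failed. Re-test before trusting the result.
        return "inconclusive"
    old = [p for p in enabled if p in DEPRECATED]
    return "deprecated:" + ",".join(old) if old else "ok"

# Constructed sample: the protocol block as quoted in this issue.
FAILED_SCAN = """Connected to x.x.x.x

SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 disabled
TLSv1.3 disabled

TLS Fallback SCSV:
Connection failed - unable to determine TLS Fallback SCSV support
"""
# Constructed sample: the same report for a server offering only TLS 1.2.
TLS12_ONLY = FAILED_SCAN.replace("TLSv1.2 disabled", "TLSv1.2 enabled")

if __name__ == "__main__":
    for name, text in (("failed", FAILED_SCAN), ("tls12-only", TLS12_ONLY)):
        print(name, assess(text))
```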
