"Unable to parse certificate" with version 2.1.1 #298
Comments
jtesta
added a commit
to jtesta/sslscan
that referenced
this issue
Nov 10, 2023
|
@strongBurger : thanks for reporting! I submitted PR #299 to address this issue. |
|
thanks, |
|
On Sat, 2023-11-11 at 01:54 -0800, strongBurger wrote:
thanks,
also the "Supported Server Cipher(s):" doesnt show anything, i hope
this fixes that too
I missed that part the first time around. I just updated the PR to fix
ciphersuite enumeration as well. Thanks!
|
rbsec
added a commit
that referenced
this issue
Nov 14, 2023
Fixed certificate parsing against some servers. (#298)
|
@strongBurger I've tagged a new release as 2.1.2 with the fixes for this included, so hopefully that'll work for you. @jtesta fantastic as always. You don't see many systems around that still use unsafe renegotiation (especially ones that only support TLSv1.2?). A rather odd setup.. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
C:\Users\user7>sslscan maccosmetics.fr
Version: 2.1.1 Windows 64-bit (Mingw)
OpenSSL 3.0.9 30 May 2023
Connected to 63.158.167.241
Testing SSL server maccosmetics.fr on port 443 using SNI name maccosmetics.fr
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 enabled
TLSv1.3 disabled
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLSv1.2 not vulnerable to heartbleed
Supported Server Cipher(s):
Server Key Exchange Group(s):
TLSv1.2 112 bits secp224r1
TLSv1.2 128 bits secp256r1 (NIST P-256)
TLSv1.2 192 bits secp384r1 (NIST P-384)
TLSv1.2 260 bits secp521r1 (NIST P-521)
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Unable to parse certificate
Certificate information cannot be retrieved.
compared to version 2.0.16:
C:\Users\user7>sslscan maccosmetics.fr
Version: 2.0.16 Windows 64-bit (Mingw)
OpenSSL 1.1.1u-dev xx XXX xxxx
Connected to 63.158.167.241
Testing SSL server maccosmetics.fr on port 443 using SNI name maccosmetics.fr
SSL/TLS Protocols:
SSLv2 disabled
SSLv3 disabled
TLSv1.0 disabled
TLSv1.1 disabled
TLSv1.2 enabled
TLSv1.3 disabled
TLS Fallback SCSV:
Server supports TLS Fallback SCSV
TLS renegotiation:
Session renegotiation not supported
TLS Compression:
Compression disabled
Heartbleed:
TLSv1.2 not vulnerable to heartbleed
Supported Server Cipher(s):
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Server Key Exchange Group(s):
TLSv1.2 112 bits secp224r1
TLSv1.2 128 bits secp256r1 (NIST P-256)
TLSv1.2 192 bits secp384r1 (NIST P-384)
TLSv1.2 260 bits secp521r1 (NIST P-521)
SSL Certificate:
Signature Algorithm: sha256WithRSAEncryption
RSA Key Strength: 2048
Subject: maccosmetics.fr
Altnames: DNS:maccosmetics.fr
Issuer: R3
Not valid before: Sep 30 09:18:48 2023 GMT
Not valid after: Dec 29 09:18:47 2023 GMT
The text was updated successfully, but these errors were encountered: