Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl_scan_sock sending old TLS headers? #34

Open
daveschaefer opened this issue Jan 23, 2014 · 3 comments
Open

ssl_scan_sock sending old TLS headers? #34

daveschaefer opened this issue Jan 23, 2014 · 3 comments
Labels
Bug

Comments

@daveschaefer
Copy link
Collaborator

If you do not scan with SNI, ssl_scan_sock gets a 'protocol version' error from some sites:

python ssl_scan_sock.py howsmyssl.com:443
Error scanning howsmyssl.com:443 - Fatal (2): Code 70 - Protocol Version: The protocol version sent is recognized but not supported.

Perhaps this is happening because we're sending an old client_hello message from an older TLS spec? This should be updated.
@daveschaefer
Copy link
Collaborator Author

Apparently the hex contstants in ssl_scan_sock.py may be raw captures from a Wireshark trace. We may be able to trace a client hello with a newer version of openssl, or perhaps we could decipher the constants and write them in a more maintainable way.

@daveschaefer daveschaefer mentioned this issue Oct 16, 2014
Open
@daveschaefer
Copy link
Collaborator Author

While working on this a long while back I found a number of things that should be fixed. Created #45 to track it all.

@netsafe
Copy link

netsafe commented Jun 20, 2015

consider closing this issue, because SNI is implemented in OpenSSL long time ago, and I've also fixed it implementing a round-robin for OpenSSL scanner

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daveschaefer @netsafe