You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
sslyze does not work on Windows WSL (tested on Ubuntu 16.04.3 LTS, installed via pip) because nassl is compiled with executable stack.
I think executable stack is not necessary for nassl to work properly, because if I disable it, then sslyze seemingly works correctly. On the other hand enabling executable stack imposes a security risk.
all the linux distros work around this by providing the -Wa,--noexecstack incantation, but people who compile their own OpenSSL do not get these protections.
So it may resolve the issue if you add -Wa,--noexecstack to the appropriate configure script.
You can check whether the library is compiled with executable stack or not like this:
Compiled without executable stack (expected / good state):
$ execstack _nassl.so
- _nassl.so
Compiled with executable stack (current / bad state):
$ execstack _nassl.so
X _nassl.so
The text was updated successfully, but these errors were encountered:
sslyze
does not work on Windows WSL (tested onUbuntu 16.04.3 LTS
, installed viapip
) becausenassl
is compiled with executable stack.I think executable stack is not necessary for
nassl
to work properly, because if I disable it, thensslyze
seemingly works correctly. On the other hand enabling executable stack imposes a security risk.The related WSL issue: microsoft/WSL#2866
Turning executable stack off (for testing purposes):
A related
cryptography
package issue (pyca/cryptography#3993) links to anopenssl
issue (openssl/openssl#4575) where they say thatSo it may resolve the issue if you add
-Wa,--noexecstack
to the appropriate configure script.You can check whether the library is compiled with executable stack or not like this:
Compiled without executable stack (expected / good state):
Compiled with executable stack (current / bad state):
The text was updated successfully, but these errors were encountered: