local error: tls: no renegotiation

[ehsandeep]

Nuclei version:

dev | main

Current Behavior:

[WRN] [tech-detect] Could not execute request for https://moh.gov.sy: GET https://moh.gov.sy giving up after 2 attempts: Get "https://moh.gov.sy": local error: tls: no renegotiation

Expected Behavior:

[VER] [tech-detect] Sent HTTP request to https://moh.gov.sy

Steps To Reproduce:

echo https://moh.gov.sy | nuclei -id tech-detect -v

Anything else:

• works with curl (curl -v https://moh.gov.sy)
• works with tlsx
• same issue with httpx

[jimen0]

This should be an issue in httpx instead as it's affected too and that's why nuclei fails @ehsandeep

$ httpx -v -u https://moh.gov.sy
...
[DBG] Failed 'https://moh.gov.sy': GET https://moh.gov.sy giving up after 1 attempts: Get "https://moh.gov.sy": local error: tls: no renegotiation

[jimen0]

Working Go snippet. Might be useful to compare nuclei/httpx TLS config against it:

package main

import (
	"crypto/tls"
	"fmt"
	"io"
	"net/http"
)

func main() {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{Renegotiation: tls.RenegotiateOnceAsClient},
	}
	http.DefaultClient.Transport = tr

	res, err := http.DefaultClient.Get("https://moh.gov.sy")
	if err != nil {
		panic(err)
	}
	defer res.Body.Close()

	_, err = io.Copy(io.Discard, res.Body)
	if err != nil {
		panic(err)
	}

	fmt.Println(res.StatusCode)
}

[ehsandeep]

This should be an issue in httpx instead as it's affected too and that's why nuclei fails @ehsandeep

$ httpx -v -u https://moh.gov.sy
...
[DBG] Failed 'https://moh.gov.sy': GET https://moh.gov.sy giving up after 1 attempts: Get "https://moh.gov.sy": local error: tls: no renegotiation

it's an issue affecting both project, a similar fix will be applied on both projects.

[tarunKoyalwar]

looks like this needs to be fixed in projectdiscovery/retyrablehttp-go as it used in both http , nuclei and also in other projects