Servers requesting client cert can cause scan to hang forever if server closes connection #612

Closed
FestiveKyle opened this issue Aug 17, 2023 · 2 comments · Fixed by #613

FestiveKyle (Contributor) commented Aug 17, 2023

Describe the bug

If a server requests a client cert but then closes the connection, the scan will never finish. The issue occurs at _detect_client_auth_requirement_with_tls_1_3 under check_connectivity_to_server during the ssl_connection_auth.ssl_client.read(1) step. The client throws an IOError here which doesn't get caught.

Expected behavior

The error would be caught and shown in the results.

Looking at _detect_support_for_tls_1_3, this error would be caught under OSError; perhaps this could be added to _detect_client_auth_requirement_with_tls_1_3 as well?

Python environment (please complete the following information):

  • OS: Ubuntu 22.04
  • Python version: 3.11.4

Additional context

Image of error: [image]
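
The failure mode in the report above, as an added example that is not part of the original issue and is not SSLyze code: a one-byte read against a peer that closes or resets the connection, with OSError caught (as the report suggests) so the probe always returns a result. It uses plain TCP on localhost instead of TLS; `start_closing_server` and `probe_after_connect` are hypothetical names.

```python
import socket
import struct
import threading


def start_closing_server(reset: bool) -> int:
    """Constructed stand-in for a server that drops the client right after accepting it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve() -> None:
        conn, _ = listener.accept()
        if reset:
            # SO_LINGER enabled with a zero timeout makes close() send a TCP RST, not a FIN.
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe_after_connect(port: int, timeout: float = 5.0) -> str:
    """Hypothetical probe: read one byte and always hand back a result string."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as sock:
            data = sock.recv(1)
    except OSError as exc:
        # IOError is an alias of OSError in Python 3; ConnectionResetError,
        # BrokenPipeError and socket.timeout are subclasses, so this one
        # clause covers every way the peer can drop or stall the read.
        return f"connection error: {type(exc).__name__}"
    # An orderly close (FIN) is not an exception: recv() returns b"".
    return "closed cleanly (EOF)" if data == b"" else "data received"


if __name__ == "__main__":
    for reset in (True, False):
        print(f"reset={reset}: {probe_after_connect(start_closing_server(reset))}")
```

The orderly-close case shows why the exception handler alone is not enough: an empty read also has to be treated as "server closed the connection".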

nabla-c0d3 (Owner) commented

Nice catch! Thanks for the detailed report and PR 👍👍

nabla-c0d3 moved this from Todo to Done in SSlyze 5.2.0 Sep 24, 2023

nabla-c0d3 (Owner) commented

Fixed in v5.2.0.
