Skip to content

Commit 71f60a1

Browse files
drwetterdrwetter
authored
Merge pull request #2892 from testssl/lucky_phrasing_3.2
Lucky13: improve phrasing for 3.2
2 parents 13c7977 + ae5033a commit 71f60a1

File tree

2 files changed

+3
-3
lines changed

2 files changed

+3
-3
lines changed

t/baseline_data/default_testssl.csvfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -104,7 +104,7 @@
104104
"LOGJAM-common_primes","testssl.sh/81.169.166.184","443","OK","--","CVE-2015-4000","CWE-310"
105105
"BEAST_CBC_TLS1","testssl.sh/81.169.166.184","443","MEDIUM","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","CVE-2011-3389","CWE-20"
106106
"BEAST","testssl.sh/81.169.166.184","443","LOW","VULNERABLE -- but also supports higher protocols TLSv1.1 TLSv1.2 (likely mitigated)","CVE-2011-3389","CWE-20"
107-
"LUCKY13","testssl.sh/81.169.166.184","443","LOW","potentially vulnerable, uses TLS CBC ciphers","CVE-2013-0169","CWE-310"
107+
"LUCKY13","testssl.sh/81.169.166.184","443","LOW","potentially vulnerable, uses obsolete TLS CBC ciphers","CVE-2013-0169","CWE-310"
108108
"winshock","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2014-6321","CWE-94"
109109
"RC4","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2013-2566 CVE-2015-2808","CWE-310"
110110
"clientsimulation-android_70","testssl.sh/81.169.166.184","443","INFO","TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384","",""

testssl.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19608,8 +19608,8 @@ run_lucky13() {
1960819608
fi
1960919609
if [[ $sclient_success -eq 0 ]]; then
1961019610
out "potentially "
19611-
pr_svrty_low "VULNERABLE"; out ", uses cipher block chaining (CBC) ciphers with TLS. Check patches"
19612-
fileout "$jsonID" "LOW" "potentially vulnerable, uses TLS CBC ciphers" "$cve" "$cwe" "$hint"
19611+
pr_svrty_low "VULNERABLE"; out ", uses obsolete cipher block chaining ciphers with TLS, see server prefs."
19612+
fileout "$jsonID" "LOW" "potentially vulnerable, uses obsolete TLS CBC ciphers" "$cve" "$cwe" "$hint"
1961319613
# the CBC padding which led to timing differences during MAC processing has been solved in openssl (https://www.openssl.org/news/secadv/20130205.txt)
1961419614
# and other software. However we can't tell with reasonable effort from the outside. Thus we still issue a warning and label it experimental
1961519615
else

0 commit comments

Comments
 (0)