Unknown TLS Alert, type 70

[lilyanatia]

i attempted to check a TLS 1.2-only server with tlsenum, and it just does this:

$ tlsenum thinkindifferent.net 443
Traceback (most recent call last):
  File "/usr/bin/tlsenum", line 9, in <module>
    load_entry_point('tlsenum==0.2', 'console_scripts', 'tlsenum')()
  File "/usr/lib/python3.4/site-packages/click/core.py", line 664, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3.4/site-packages/click/core.py", line 644, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3.4/site-packages/click/core.py", line 837, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3.4/site-packages/click/core.py", line 464, in invoke
    return callback(*args, **kwargs)
  File "/usr/lib/python3.4/site-packages/tlsenum/__init__.py", line 107, in cli
    server_hello = ServerHello.parse_server_hello(server_hello)
  File "/usr/lib/python3.4/site-packages/tlsenum/parse_hello.py", line 230, in parse_server_hello
    server_hello.content.alert_description
ValueError: Unknown TLS Alert, type 70

according to https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml, alert 70 is protocol_version.

[Ayrx]

Hi, thanks for the report! I have pushed a commit that should fix this. Do you mind pulling from master and trying again to see if this fixes the issue? FWIW this is what I am seeing.

$ tlsenum thinkindifferent.net 443                                                                          !3135 TLS Versions supported by server: 1.2
Deflate compression: No
Supported Cipher suites in order of priority:
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

I'll release an updated version as soon as you confirm the fix works. :)

[lilyanatia]

i just tested it, and I'm seeing the same thing. it looks like it works!

[Ayrx]

Version 0.3 has been released with this fix. Thanks for the report! :)