Some sites not returning TLS/certificate info despite TLS being available

F5-Labs / cryptonice

CryptoNice is both a command line tool and library which provides the ability to scan and report on the configuration of SSL/TLS for your internet or internal facing web services. Built using the sslyze API and ssl, http-client and dns libraries, cryptonice collects data on a given domain and performs a series of tests to check TLS configuration and supporting protocols such as HTTP2 and DNS.

GNU General Public License v3.0

101 stars 25 forks source link

For example buzzfeed.com

cryptonice buzzfeed.com --scans tls dns http jarm --tls all

Traceback (most recent call last):
  File "/var/task/lambda_function.py", line 55, in lambda_handler
    output_data, hostname = scanner.scanner_driver(input_data)
  File "/opt/python/lib/python3.7/site-packages/cryptonice-1.3.7.1-py3.7.egg/cryptonice/scanner.py", line 453, in scanner_driver
    cert_fingerprint = tls_data['certificate_info']['certificate_0']['fingerprint']
KeyError: 'certificate_info'

This one is simply that the certificate_info key isn’t set.
That’s likely due to tls_data = tls_scan(ip_address, str_host, commands_to_run, port) not always setting it.

Pre-scan checks ------------------------------------- Scanning buzzfeed.com on port 443... Analyzing DNS data for buzzfeed.com Fetching additional records for buzzfeed.com buzzfeed.com resolves to 13.224.84.4 13.224.84.4:443: OPEN TLS is available: True Connecting to port 443 using HTTPS Reading HTTP headers for www.buzzfeed.com RESULTS ------------------------------------- Hostname: www.buzzfeed.com Selected Cipher Suite: None Selected TLS Version: None Supported protocols: TLS fingerprint: 29d29d00029d29d00041d41d00041d69337e5f535144f26f5d7e01b189f9d0 HTTP to HTTPS redirect: True HTTP Strict Transport Security: True (max-age=31536000; preload) None

F5-Labs / cryptonice

Some sites not returning TLS/certificate info despite TLS being available #45