+pfs reports TLS13-* ciphers as "no PFS"

OWASP / O-Saft

O-Saft - OWASP SSL advanced forensic tool

GNU General Public License v2.0

372 stars 97 forks source link

+pfs reports TLS13-* ciphers as "no PFS" #145

Closed EnDe closed 1 month ago

EnDe commented 1 month ago

all checks (like +pfs, +cipher_pfs) report TLS13-* ciphers as "do not support PFS". This is wrong, because TLSv1.3 allows PFS ciphers only.

EnDe commented 1 month ago

Some PFS ciphers are also not detected because the cipher constant is not checked well. This results only in a wrong count of PFS ciphers in +cipher (=== Ciphers: Summary ===).

EnDe commented 1 month ago

fixed in o-saft.pl.