Open Antict opened 2 years ago
Interesting. Don't know what the heck yahoo is doing there.
I don't see that we should work around this in testssl.sh. Thus I consider this not to be a bug request but a feature request. And the feature is basically already implemented, which is: stop testing. What we could do is emphasise such a buggy server behaviour. Thus I'll leave this open and put it into the long feature list.
BTW: If you really want to follow your route MAX_STARTTLS_FAIL=<somehighnumber> ./testssl.sh <cmdline>
should help
Testing the domain (yahoo.de) with https://ssl-tools.net/mailservers/yahoo.de returns a valid result.
This doesn't serve as a good example. Maybe the opposite is the case, i.e. if they also detected not stable STARTTLS offerings and it's labeled as "all is fine".
For the EHLO request, the email server 188.125.72.74 sometimes returns a response including
S: 250 STARTTLS
and sometimes it does not. Thus the test run fails, whenS: 250 STARTTLS
is not included in the response.Command line / docker command to reproduce Try it about 5 times because it is flaky
./testssl.sh --debug 2 -p -t smtp --ids-friendly 188.125.72.74:25
Expected behavior When
S: 250 STARTTLS
is not found in the response, some retries are made. Testing the domain (yahoo.de) with https://ssl-tools.net/mailservers/yahoo.de returns a valid result.Your system (please complete the following information):