Closed kylak closed 3 months ago
I just encountered a déjà vu. Why do you ask the same question twice?
And you asked the same question also at cipherscan. What's the reason, I am just curious.
-- Sent from my mobile. Apologize for my brevity and typos/autocorrection
Here's the answer : https://github.com/OWASP/O-Saft/issues/135#issuecomment-2230758138
Yeah, I remember having a discussion with EnDe a looong time back why testssl.sh doesn´t do that and scanning for every possible cipher suite. Conclusion was: Our tools have just different goals.
You can however try to scan with an undocumented feature like ./testssl.sh -q --devel 03 "cc,a8, cc,a9, cc,aa, cc,ab, cc,ac" blog.cloudflare.com
and use all IANA suites. ;-)
There's another issue why I believe in general the result maybe not reliable: for some cipher suites you would need to provide TLS extensions or specific values in those extensions, otherwise the server won't possibly accept the ClientHello, see e.g. https://github.com/drwetter/testssl.sh/issues/1207#issuecomment-468298835
There's another issue why I believe in general the result maybe not reliable: for some cipher suites you would need to provide TLS extensions or specific values in those extensions, otherwise the server won't possibly accept the ClientHello, see e.g. https://github.com/drwetter/testssl.sh/issues/1207#issuecomment-468298835
Just opened an issue here to know if O-Saft handles these scenarios.
Which version are you referring to The lastest.
Hello, does testssl.sh uses all IANA cipher suites ?
Thanks.