nabla-c0d3 / sslyze

Fast and powerful SSL/TLS scanning library.
GNU Affero General Public License v3.0

Sslyze backoff not supported when testing connectivity #589

Closed Th3R3p0 closed 1 year ago

Th3R3p0 commented 1 year ago

Describe the bug

sslyze is throwing a ConnectionToServerTimedOut exception when connecting to certain servers. This occurs because some servers have issues with multiple rapid TCP connections.

Here is the stack trace:

To Reproduce

Unable to provide reproduction steps as the server is unavailable for testing.

Expected behavior

sslyze supports exponential backoff even in the testing connection phase.

Python environment (please complete the following information):

I have seen this issue on other OS distributions.

Additional context

See comments below.

Th3R3p0 commented 1 year ago

Update:

It appears the server sometimes has issues with too many connections occurring in a short time period. I have tested it with the following:

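import socket

# server_network_location is the sslyze server location being scanned (ip_address, port)
# Open five TCP connections back to back, with no delay between them
for _ in range(5):
    print(socket.create_connection((server_network_location.ip_address, server_network_location.port), timeout=5))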

and the python socket library throws the socket.timeout: timed out exception after successfully connecting a first time.

I'm trying to figure out why and if there is any logic that can be added to fix this. Incremental backoff logic may be the answer to the problem.

Th3R3p0 commented 1 year ago

Ok I have found the culprit.

For some reason when opening a socket in rapid succession, the server cannot handle it (even after the first connection 🤦‍♂️). Sslyze supports exponential backoffs, but when testing the connections, sslyze disables the retry functionality. If I set should_retry_connection=True on the connection, then the script works flawlessly.

nabla-c0d3 commented 1 year ago

Hello, Thanks for the bug report. For servers that are not able to support a lot of concurrent connections, SSLyze's --slow_connection option can be used. If this is still not enough and the server cannot support the load, then it cannot be scanned by SSLyze.
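
The retry-with-backoff behaviour discussed in this thread, as an added example that is not part of the issue and not SSLyze's own code: a plain-socket connectivity check that retries timed-out connections with doubling delays. The names connect_with_backoff, FlakyServer and demo, the delay values, and the 192.0.2.10 address are constructed for illustration.

```python
import socket
import time

def connect_with_backoff(address, timeout=5.0, max_attempts=4, initial_delay=0.5,
                         connect=socket.create_connection, sleep=time.sleep):
    """Open a TCP connection, retrying timeouts with exponentially growing delays.

    `connect` and `sleep` are injectable so the logic can be exercised offline.
    """
    if max_attempts < 1:
        raise ValueError("max_attempts must be at least 1")
    delay = initial_delay
    for attempt in range(1, max_attempts + 1):
        try:
            return connect(address, timeout=timeout)
        except (socket.timeout, ConnectionError):
            if attempt == max_attempts:
                raise  # still failing after the last retry: surface the error
            sleep(delay)   # give the server time to recover
            delay *= 2     # 0.5s, 1s, 2s, ...


class FlakyServer:
    """Constructed stand-in: times out the first `failures` connection attempts."""
    def __init__(self, failures):
        self.failures = failures
        self.calls = 0

    def connect(self, address, timeout):
        self.calls += 1
        if self.calls <= self.failures:
            raise socket.timeout("timed out")
        return f"connected to {address[0]}:{address[1]}"


def demo(failures, max_attempts=4):
    """Return (result, attempts made, delays slept) for a constructed flaky server."""
    server, delays = FlakyServer(failures), []
    try:
        result = connect_with_backoff(("192.0.2.10", 443), max_attempts=max_attempts,
                                      connect=server.connect, sleep=delays.append)
    except socket.timeout:
        result = None
    return result, server.calls, delays


if __name__ == "__main__":
    print(demo(failures=2))   # recovers on the third attempt
    print(demo(failures=10))  # gives up after max_attempts
```

Capping the number of attempts keeps a scanner from hammering a server that is genuinely overloaded; once the cap is reached the timeout is raised to the caller.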