Closed ealashwali closed 6 years ago
prbinu
commented
6 years ago by default TLS client hello SNI field is set to the host name (from input file, stdio or -c flag) . --sni is primarily to override that behavior, and it cannot be passed using --infile
ealashwali
commented
6 years ago That's what I want. SNI will give more accurate responses.
ealashwali
commented
5 years ago Hi. I'm sorry but I need to get back to this point for clarification. If I did not set neither the flag -s or --sni in my command and I was reading domain names from a file using the --infile. Does this mean the tls-scan will add the SNI extension by default? Can you please confirm to me if I am correct? Or clarify. i.e. this command for example, will include SNI by default no matter that I added the -s directive or not as the SNI is added by default (the ciphers list is not fixed, you can assume different lists, this is just an example):
./tls-scan --infile=mylist.txt --port=443 --cacert=../../../../../etc/ssl/certs/ca-certificates.crt --concurrency=50 --timeout=5 --ciphers="ECDHE-ECDSA-AES128-GCM-SHA256" --outfile=results.json
prbinu
commented
5 years ago ealashwali
commented
5 years ago Thanks. I looked at this. Just need to be sure as I might be missing something. So I think it is set by default. But it will be helpful if you confirm. Thanks again.
ealashwali
commented
5 years ago Also, I was inputting the host names (domain names) from an input file and a command line. Not sure that line of code was about files input?
prbinu
commented
5 years ago by default your hostname is used for SNI.
Can you clarify please how to specify this argument if I'm reading domain names from a
--infile?