Open chushuai opened 2 years ago
The tls1.3 branch includes tls1.3 support and also includes other enhancements- anything added to the upstream golang tls code since the (very old) tls implementation was lifted from upstream- at least 5 years ago
This includes (at least) early renegotiation handling. I'm not certain but I believe the portable ciphers profile is also exclusive to the tls1.3 branch for no particular reason aside from the fact that those interested in "better" tls support were using that branch
You can see part of this if you track the zcrypto portion of https://github.com/zmap/zgrab2/pull/334
tl; dr; this is expected behavior as far as I know
Use branch master and feature/tlsv1.3 to scan the same ip+port, The results of secure_renegotiation and scts are different