Comments (8)
nabla-c0d3
commented on May 21, 2024
The test for heartbleed is not 100% reliable and may trigger a timeout. The methodology used by SSLyze is described here: https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/
from sslyze.
six8
commented on May 21, 2024
Is the timeout an indication that the server is not vulnerable? This times out every time for me.
from sslyze.
mhuuhka
commented on May 21, 2024
im getting the timeout aswell. Would be nice to get an answer to earlier question.
from sslyze.
nabla-c0d3
commented on May 21, 2024
This was fixed in #217
from sslyze.
glestel
commented on May 21, 2024
With the migration to 1.1.1. I'm getting [u'Unhandled exception while running --heartbleed:', u'timeout - timed out'] on a domain that never triggered error with previous version
from sslyze.
ericrange
commented on May 21, 2024
this "exception" is already in 1.0.0
but as @nabla-c0d3 said, you get an exception if u are not vulnerable to heartbleed.
from sslyze.
nabla-c0d3
commented on May 21, 2024
@glestel can you post or send me the domain? I am working on a better fix in the raw-tls-parsing branch so I want to try it.
from sslyze.
glestel
commented on May 21, 2024
Sent you a mail with domains of interest
from sslyze.
Related Issues (20)
- Remove support for Python 3.7 HOT 1
- Remove support for pydantic 1.x HOT 1
- centos7+python3.11 Segmentation fault HOT 2
- Bump upper pydantic requirement HOT 2
- "Server rejected the connection" but server is healthy
- ssl.match_hostname() is deprecated HOT 6
- _ConnectivityTesterThread stuck with uncaught error HOT 1
- Etherscan HOT 1
- Add support for Python 3.12 HOT 2
- Please support pydantic-2.5.3 HOT 1
- Scan hangs forever when "invalid padding" error occurs HOT 2
- CLI parameter negation HOT 1
- Switch to cryptography for x509 chain validation HOT 1
- Client Initiated Renegotiation False Positive HOT 1
- Please Add to the 5.1.3 Release Notes That It Is the Last Version to Support Windows 7 HOT 1
- Please bump cryptography requirement upper bound as there are known vulnerabilities in cryptography <42 HOT 2
- by default sslyze is now skipping secure header check
- JSON output breaks if OCSP response is not successful
- Build docker image for Mac (arm64)
- [question] Does sslyze support OpenSSL 3.0+?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sslyze.