Heartbleed icon indicating copy to clipboard operation
Heartbleed copied to clipboard
verified publisher icon FiloSottile

change text "handshare failure" to "handshake failure or TLS extension not supported"

Open Wikinaut opened this issue 11 years ago • 3 comments

I do see "handshake failure" for servers which do not offer TLS, so the text should inform about this possibility.alertHandshakeFailure: "handshake failure. This could mean that the TLS extension is not supported.",

I haven't tested this code change yet.

Wikinaut avatar Apr 08 '14 16:04 Wikinaut

By TLS extension you mean TLS itself?

FiloSottile avatar Apr 08 '14 17:04 FiloSottile

@FiloSottile when a server runs an older openssl which do not offer TLS, than your script says "handshake failure", but users then do not know whether this is a "good" or "bad" server (with respect to the Heartbleed bug).

This is why I suggest to show then my proposed text.

You can compare your tool against the competitive tool http://possible.lv/tools/hb/ which in such cases (no TLS implemented) says

Looking for TLS extensions on https://www.example.org

ext 65281 (renegotiation info, length=1)
ext 00035 (session ticket, length=0)
TLS extension 15 (heartbeat) seems disabled, so your server is probably unaffected.

Wikinaut avatar Apr 08 '14 17:04 Wikinaut

Test case: https://mozilla.org

garrettr avatar Apr 16 '14 19:04 garrettr