sslscan icon indicating copy to clipboard operation
sslscan copied to clipboard
verified publisher icon rbsec

Compression check relies on OpenSSL

Open rbsec opened this issue 5 years ago • 2 comments

The check for TLS compression relies on OpenSSL library supporting it - so will not be available if building dynamically. This can be worked around with a static build - but would be nice to do ourselves.

rbsec avatar Feb 22 '20 11:02 rbsec

Is there option to include existing libssl.a libcrypto.a to static build, instead of building OpenSSL again (let us say I have already self-built OpenSSL 1.1.1h with both shared and static libraries)?

If not, can you consider it? Thanks.

P.S: Tool is great, nice job

3eka avatar Nov 04 '20 11:11 3eka

I can't see any reason that you wouldn't be able to to statically link against a pre-compiled version, but it's not something that's in the Makefile as an option, so you'd have to patch that. Although maybe just symlinking the ./openssl directory to your version would be a quick workaround?

At some point the TLS compression check will be done manually (rather than via OpenSSL) - at which point it might even be possible to get rid of the static build entirely.

rbsec avatar Nov 06 '20 18:11 rbsec