You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
With the sparse availability of IPv4, shared IPs and SNI are a must have, that is included in sslyze.
In the wild, some servers also send a different certificate for SNI-less requests, which acts as a default.
Some old clients (w/o SNI support) therefore might receive this other certificate.
Describe the solution you'd like
This scan could be included in the scan, to discover a broader range of leaf certificates that are served by/for the given host.
Describe alternatives you've considered
I can also just resolve the IP of the host and start a scan with the SNI set to the IP instead of the host name, which often coincides with the "default cert" - but does not really have to, as i understand.
Additional context
The functionality is mostly implemented already. #202
Further changes/complexity will be brought to SNI anyways. #452
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
With the sparse availability of IPv4, shared IPs and SNI are a must have, that is included in sslyze.
In the wild, some servers also send a different certificate for SNI-less requests, which acts as a default.
Some old clients (w/o SNI support) therefore might receive this other certificate.
Describe the solution you'd like
This scan could be included in the scan, to discover a broader range of leaf certificates that are served by/for the given host.
Describe alternatives you've considered
I can also just resolve the IP of the host and start a scan with the SNI set to the IP instead of the host name, which often coincides with the "default cert" - but does not really have to, as i understand.
Additional context
The functionality is mostly implemented already.
#202
Further changes/complexity will be brought to SNI anyways.
#452
The text was updated successfully, but these errors were encountered: