Merge pull request #2711 from testssl/fix_2708_TLS_FALLBACK_SCSV_3.0

drwetter · web-flow · commit 5a320df08102 · 2025-03-20T12:09:19.000+01:00
Set POODLE var when exiting run_ssl_poodle()
diff --git a/testssl.sh b/testssl.sh
@@ -15067,10 +15067,12 @@ run_ssl_poodle() {
      pr_bold " POODLE, SSL"; out " ($cve)               "
 
      if "$TLS13_ONLY" || [[ $(has_server_protocol ssl3) -eq 1 ]]; then
-          # one condition should normally suffice but we don't know when run_poddle() was called
+          # one condition should normally suffice but we don't know when run_poodle() was called
           pr_svrty_best "not vulnerable (OK)"
           outln ", no SSLv3 support"
           fileout "$jsonID" "OK" "not vulnerable, no SSLv3" "$cve" "$cwe"
+          # otherwise we'll get a non-zero return code + a warning 'Rerun including POODLE SSL check' @ TLS_FALLBACK_SCSV, see #2708
+          POODLE=1
           return 0
      fi
 
