TLS-Scanner icon indicating copy to clipboard operation
TLS-Scanner copied to clipboard

Published 20 hours ago verified publisher icon tls-attacker

SUPPORTS_OCSP_STAPLING and SUPPORTS_TLS13_SESSION_TICKETS missing from JSON output

Open m10x opened this issue 11 months ago • 1 comments

SUPPORTS_OCSP_STAPLING is no longer included in the json output. The guideline report says, that SUPPORTS_OSCP wasn't tested, yet.

"checkName": "Certificates shall be issued by CA that publishes revocation information in OCSP responses",
          "adherence": "CHECK_FAILED",
          "hint": null,
          "property": "SUPPORTS_OCSP",
          "expectedResult": {
            "type": "TestResults",
            "value": "TRUE"
          },
          "actualResult": {
            "type": "TestResults",
            "value": "NOT_TESTED_YET"
          }

However, the certificateReportList in CERTIFICATE_CHAINS[value] cleary states that OSCP Stapling is not supported:

              "weakDebianKey": null,
              "issuer": "C=US O=DigiCert Inc CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1",
              "x509SignatureAlgorithm": "SHA256_WITH_RSA_ENCRYPTION",
              "signatureAlgorithm": "RSA_PKCS1",
              "namedCurve": null,
              "hashAlgorithm": "SHA256",
              "extendedValidation": null,
              "certificateTransparency": null,
              "ocspMustStaple": null,
              "crlSupported": null,
              "ocspSupported": false, <<<<<<<<<<<<<<
              "revoked": null,

Further SUPPORTS_TLS13_SESSION_TICKETS is missing from the JSON output.

m10x avatar Dec 03 '24 09:12 m10x