pshtt
pshtt copied to clipboard
cisagov
Other requests response exception
🐛 Bug Report
When performing pshtt scanning, sometimes we get an error in AWS Lambda stating "other requests response exception". In this case we do not receive scan results for the domain that errored.
To Reproduce
caats3.va.gov is a domain where this happens often.
Expected behavior
A successful scan.
Any helpful log output
None.
@jsf9k I wonder if this has to do with the breaking change in sslyze v2.1.0 in early June where they changed how certificate verification works and so a number of the fields in the certificate plugin went away. I think there were some missing attribute exceptions. See the commits in my fork at https://github.com/echudow/pshtt/commit/c2f427b005f799ea7e916a5b067dbb4c55cce3f9 and https://github.com/echudow/pshtt/commit/ce0ccaf39c51aa7b5d97e14ef04c0fd4f1cc7240 for how I addressed this issue with some workarounds to handle both the older and newer versions of sslyze. We're still testing those changes though.
@echudow This issue can't be due to that, since the pshtt lambda hadn't been rebundled since May. Thanks for mentioning that, though, since it will be a problem now (as I'm rebundling to deploy the logging improvements in #197, which will pull in a newer sslyze).