David Cooper

> In `determine_optimal_proto()` we'll call `sclient_auth()` and that populates `CLIENT_AUTH` accordingly -- for both STARTTLS and plain TLS. So that should(TM) work. Yes, `CLIENT_AUTH` should be set if client authentication...

Hi @rvstaveren, @drwetter, I just tried to come up with a solution to this problem and instead discovered another problem. My thought was, if the checks are slow because packets...

> yes, I believe < /dev/null would help for problem no 2. Okay, I can create a PR for this. > Problem no 1: It's a tough architecture decision to...

This seems like something that would be a useful addition, but some thought would have to be given as to how to present this information. As you noted, this is...

> As far as I can tell the recently merged pull request shows only the chosen algorithm. Is showing a list of all algorithms supported by the server still something...

Hi Dirk, #1398 would fix this, if you want to give that PR another look.

Could you please explain what you mean by "Implement an ALPACA vulnerability check"? What specific check(s) are you proposing that testssl.sh should implement?

> In the future, something more sophisticated could be done, where we first determine the full set of cipher suites supported for each protocol version, and then only mark the...

> Still then I don't know how the remaining 3 lines will look like. Let me have a look. Hope I have internet access the next days. No problem. I...

I just submitted PR #2194 to help address this issue. Now, with #2129 and #2194, no information about cipher order is printed or sent to `fileout()` until the complete list...