Joe Testa

Thanks for reporting this. If you can provide the target host to me, then I can probably debug this quickly. My e-mail address is jtesta at-sign positronsecurity dot com. Thanks!

@shemsargent-ch : I submitted PR #295 to address this problem. Thanks for getting me the target host, and thanks for reporting!

I suppose I'm surprised that most implementations didn't mind a ClientHello with no session ID. I would have thought that is a required field...

Most likely, this is a server configuration problem. But to be sure, we would need more information. What target host did you use? What options to sslscan did you provide?...

@LQchengdu : is there a publicly-available host that exhibits this behavior? If so, I'd like to test against it. Thanks!

Aside from the changes requested above, I see that this patch causes failures in the Docker tests: ``` $ ./docker_test.sh Docker image sslscan-test:3 already exists. Running all tests... Test #1...

@mansoorsajjad76 : if the target service is available on the public Internet, what's its IP & port? I can try debugging the issue if I get that info.

What is the target machine's OS/software stack? Is there any special configuration it uses? The more information you can provide, the more likely we'll be able to reproduce and fix...

@wizdude : I just submitted a PR that fixes this issue. Giving me the hostname of the target that reproduces the problem was key in getting this fixed quickly. Thanks!!...

@knweiss @egberts I implemented SSH client testing in v2.1.0 of my fork: https://github.com/jtesta/ssh-audit/releases/tag/v2.1.0