Protocols not supported when a warning is returned

[rbsec]

The protocol scan will show protocols as disabled if they return a warning, even if the handshake then completes successfully.

The response to the initial ClientHello can have a content type of Alert (21) with the level of Warning (1), but the handshake still succeeds.

https://github.com/rbsec/sslscan/blob/master/sslscan.c#L4992

We need to check if it is a warning, and if so then read the next packet to see if we get a ServerHello.

[jtesta]

Interesting. Do you happen to know how to reproduce this scenario? I'm drawing blanks...

[rbsec]

I was scanning a FortiWeb appliance that was returning unrecognized_name (code 112) response on the admin interface. It did this regardless of whether I used the proper hostname or IP address.