You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
How to quit/kill/stop the script when it hangs? Is there a keyboard command, escape key that works?
The manual points out that:
"If the specified targets accepts connections but does not speak SSL, the connection will be closed after the system's TCP/IP-timeout. This script will hang (about 2-3 minutes)."
I've found that the hang is indefinite scanning a non-tls site with the following command: docker run --rm -it owasp/o-saft --trace-key --legacy=quick +check arnhem.nl:80
As suggested the --ssl-error-max= (or --no-ssl-error) can be used. After the script hangs, this counter does not increase. Thus using a --ssl-error-max= with a too high value might be a risk of a hang. This is enough for a workaround for this issue 😄
docker run --rm -it owasp/o-saft --trace-key --legacy=quick +check arnhem.nl:80
=== reading: ./.o-saft.pl (RC-FILE done) ===
=== reading: /O-Saft/o-saft-dbx.pm (trace file done) ===
=== reading: /usr/local/share/perl5/site_perl/IO/Socket/SSL.pm (IO SSL module done) ===
=== reading: /usr/share/perl5/core_perl/Time/Local.pm (Time module done) ===
=== reading: /O-Saft/Net/SSLinfo.pm (O-Saft module done) ===
**WARNING: 143: SSL version 'TLSv13': not supported by Net::SSLeay; not checked
**WARNING: 066: 7 data and check outputs are disbaled due to use of '--no-out':
!!Hint: use '--v' for more information
!!Hint: do not use '--ignore-out=*' or '--no-out=*' options
**WARNING: 410: SSLv2 does not support SNI; checks skipped
!!Hint: use '--no-sni' for checking
**WARNING: 410: SSLv3 does not support SNI; checks skipped
!!Hint: use '--no-sni' for checking
**WARNING: 302: TLSv1: (31 of 193 ciphers checked) abort connection attempts after 5 max errors
!!Hint: use --no-ssl-error or --ssl-error-max= to continue connecting
**WARNING: 301: TLSv11: (8 of 193 ciphers checked) abort connection attempts after 10 total errors
!!Hint: use --no-ssl-error or --ssl-error-max= to continue connecting
**WARNING: 301: TLSv12: (21 of 193 ciphers checked) abort connection attempts after 10 total errors
!!Hint: use --no-ssl-error or --ssl-error-max= to continue connecting
^C
^C^C^C^C^C^C^C^C
^C^C^C^C^C^[^[^[^[^[^[
The text was updated successfully, but these errors were encountered:
according "How to quit/kill/stop the script when it hangs?"
Depends on your shell and/or operating system. In plain shell on *nix Ctrl-C should work. If it is in a VM, depends on your VM preferences too. If it is in docker, I guess you need to kill the container:
docker container kill
may be rm also works
docker container rm
This problem still exists today (2024) with docker and even podman.
The only workaround known so far is to kill all corresponding docker and containerd, or podman and conman, processes.
In *IX world kill -9 ... must be used. Note that stoppping the dockerd daemon most likely also does not stop/kill all running processes.
As there is no way from the parent process to stop in a clean way, this issue should be closed but we keep it open as "question".
How to quit/kill/stop the script when it hangs? Is there a keyboard command, escape key that works?
The manual points out that:
"If the specified targets accepts connections but does not speak SSL, the connection will be closed after the system's TCP/IP-timeout. This script will hang (about 2-3 minutes)."
I've found that the hang is indefinite scanning a non-tls site with the following command:
docker run --rm -it owasp/o-saft --trace-key --legacy=quick +check arnhem.nl:80
As suggested the --ssl-error-max= (or --no-ssl-error) can be used. After the script hangs, this counter does not increase. Thus using a --ssl-error-max= with a too high value might be a risk of a hang. This is enough for a workaround for this issue 😄
The text was updated successfully, but these errors were encountered: