if i run this in a endless loop, the memory is getting bigger and bigger. can anyone please help me. this is a really serious problem for me :(

sslv20 = { 'version': 'SSLv20', 'command': Sslv20ScanCommand() } sslv30 = { 'version': 'SSLv30', 'command': Sslv30ScanCommand() } tlsv10 = { 'version': 'TLSv10', 'command': Tlsv10ScanCommand() } tlsv11 = { 'version': 'TLSv11', 'command': Tlsv11ScanCommand() } tlsv12 = { 'version': 'TLSv12', 'command': Tlsv12ScanCommand() }

for protocol in [sslv20, sslv30, tlsv10, tlsv11, tlsv12]: scanner = SynchronousScanner(network_timeout=2, network_retries=2) scan_result = scanner.run_scan_command(server_info, protocol['command'])

...

sslyze lists it's license as GPLv2. Can you clarify if this is an intentional choice, or one made for historical reasons?

GPLv2 makes perfect sense for the use of sslyze as a standalone tool, and preventing users from building a proprietary SSL analysis tool based off that codebase.

However, I've got a use case that would involved deploying sslyze as part of a Software-as-a-Service platform. Under the terms of the GPLv2, this would be a completely legitimate usage of sslyze, and I would not be required to distribute the source code for my SaaS platform (see this FAQ on the GNU website).

While I'm completely covered under the letter of the law, I'd rather not violate the spirit of the law in the way the project intended the sslyze API and codebase to be used.

Are you able to:

• Clarify that you have no objection to sslyze being used as part of a proprietary SaaS deployment; and/or
• Provide (either to me specifically, or more generally) a license with more liberal terms (LGPL would be fine; MIT/BSD would be even better); or
• Modify the license to be AGPL, or something that covers the SaaS use case?

I'm seeing these two errors and two failures when running python run_tests.py:

======================================================================
ERROR: test_unicode_certificate (plugin_tests.test_certificate_info_plugin.CertificateInfoPluginTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_certificate_info_plugin.py", line 146, in test_unicode_certificate
    plugin_result = plugin.process_task(server_info, CertificateInfoScanCommand())
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/certificate_info_plugin.py", line 151, in process_task
    raise RuntimeError(u'Could not connect to the server; last error: {}'.format(last_exception))
RuntimeError: Could not connect to the server; last error: TCP / Received RST

======================================================================
ERROR: test_follows_client_cipher_suite_preference (plugin_tests.test_openssl_cipher_suites_plugin.OpenSslCipherSuitesPluginTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_openssl_cipher_suites_plugin.py", line 199, in test_follows_client_cipher_suite_preference
    plugin_result = plugin.process_task(server_info, Tlsv12ScanCommand())
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/openssl_cipher_suites_plugin.py", line 167, in process_task
    preferred_cipher = self._get_preferred_cipher_suite(server_connectivity_info, ssl_version, accepted_cipher_list)
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/openssl_cipher_suites_plugin.py", line 215, in _get_preferred_cipher_suite
    second_cipher = self._get_selected_cipher_suite(server_connectivity_info, ssl_version, second_cipher_string)
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/plugins/openssl_cipher_suites_plugin.py", line 235, in _get_selected_cipher_suite
    ssl_connection.connect()
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/sslyze/utils/ssl_connection.py", line 166, in connect
    self.do_handshake()
  File "/usr/local/Cellar/sslyze/1.0.0/libexec/lib/python2.7/site-packages/nassl/ssl_client.py", line 144, in do_handshake
    handshake_data_in = self._sock.recv(self._DEFAULT_BUFFER_SIZE)
timeout: timed out

======================================================================
FAIL: test_not_trusted_by_mozilla_but_trusted_by_apple (plugin_tests.test_certificate_info_plugin.CertificateInfoPluginTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_certificate_info_plugin.py", line 174, in test_not_trusted_by_mozilla_but_trusted_by_apple
    self.assertEqual(plugin_result.successful_trust_store.name, u'Apple')
AssertionError: u'Microsoft' != u'Apple'
- Microsoft
+ Apple


======================================================================
FAIL: test_tlsv1_2_enabled (plugin_tests.test_openssl_cipher_suites_plugin.OpenSslCipherSuitesPluginTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/private/tmp/sslyze-20170213-14808-18m8mim/sslyze-1.0.0/tests/plugin_tests/test_openssl_cipher_suites_plugin.py", line 113, in test_tlsv1_2_enabled
    set(accepted_cipher_name_list))
AssertionError: Items in the first set but not the second:
'TLS_RSA_WITH_AES_128_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
'OLD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
'TLS_RSA_WITH_AES_256_CBC_SHA256'
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'

----------------------------------------------------------------------
Ran 64 tests in 131.530s

FAILED (failures=2, errors=2)
/usr/local/Homebrew/Library/Homebrew/debrew.rb:11:in `raise'
BuildError: Failed executing: python run_tests.py

In version 2.0.0 the dh_info key for ciphers that use Diffie-Hellmann key exchange has disappeared. Are you planning to bring it back, or is it gone for good?

Example JSON from 1.4.3:

    "tlsv1": {
                    "accepted_cipher_list": [
                        {
                            "dh_info": {
                                "A": "0x00ffffffff00000001000000000000000000000000fffffffffffffffffffffffc",
                                "B": "0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
                                "Cofactor": "1",
                                "Field_Type": "prime-field",
                                "Generator": "0x046b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c2964fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
                                "GeneratorType": "uncompressed",
                                "GroupSize": "256",
                                "Order": "0x00ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
                                "Prime": "0x00ffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
                                "Seed": "0xc49d360886e704936a6678e1139d26b7819f7e90",
                                "Type": "ECDH"
                            },
                            "is_anonymous": false,
                            "key_size": 256,
                            "openssl_name": "ECDHE-RSA-AES256-SHA",
                            "ssl_version": "TLSV1"
                        },

Example from 2.0.0:

                        {
                            "is_anonymous": false,
                            "key_size": 256,
                            "openssl_name": "ECDHE-RSA-AES256-SHA",
                            "ssl_version": "TLSV1_1"
                        },

python2 sslyze --regular www.pentest.co.uk

 * Certificate Information:
Unhandled exception while running --certinfo:
TypeError - object of type 'UnrecognizedExtension' has no len()

net-analyzer/sslyze-1.4.2 dev-python/nassl-1.1.3

Have been attempting to use it with some client certs (tried v0.13.2 and v0.13.3), which failed with the following error:

Traceback (most recent call last): File "sslyze_cli.py", line 630, in File "sslyze_cli.py", line 532, in main _nassl.OpenSSLError: error:1418C197:SSL routines:ssl3_shutdown:shutdown while in init

Saw that there were changes in v0.12 e.g.

• A full (client) certificate chain can now be supplied when using client certificates.

So skipped to v0.11 which worked e.g. with the same command line/cert files etc:

.\sslyze.exe --cert="pub.cer" --key="pri.pkcs8" --keyform="PEM" --pass="a" --regular super-secret-host:443

In OpenSSL 1.1.0, support for SSL 2.0 and export cipher suites was removed. This is good for the Internet but bad for SSLyze. We also cannot stay stuck on 1.0.2 forever as new cipher suites (ChaCha20 and Poly1305) were added 1.1.0. This might require writing a plugin to check for cipher suites and protocols that are not supported by OpenSSL.

I'm adding sslyze to Gentoo (Pentoo) repository and facing the problem. The latest nassl v0.12 has no option to use existing system libraries even if they meet all requirements.

Please specify which options of libraries must be enabled and allow to use system libraries.

My quick patch is here: https://github.com/pentoo/pentoo-overlay/commit/dd9d21cdcb2aee07cdbec25b81c81d1c5f703395

I noticed that certinfo fails with letsencrypt certificates:

$ sslyze --certinfo letsencrypt.org



 AVAILABLE PLUGINS
 -----------------

  SessionRenegotiationPlugin
  SessionResumptionPlugin
  HttpHeadersPlugin
  RobotPlugin
  CompressionPlugin
  CertificateInfoPlugin
  FallbackScsvPlugin
  OpenSslCipherSuitesPlugin
  HeartbleedPlugin
  OpenSslCcsInjectionPlugin



 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   letsencrypt.org:443                       => 92.123.27.128 




 SCAN RESULTS FOR LETSENCRYPT.ORG:443 - 92.123.27.128
 ----------------------------------------------------

 * Certificate Information:
Unhandled exception while running --certinfo:
TypeError - object of type 'UnrecognizedExtension' has no len()


 SCAN COMPLETED IN 0.50 S
 ------------------------

Not sure which extension is breaking the scan. Other tests from the --regular suite work fine.

I have eperienced the same with older and latest sslyze version:

$ sslyze --version
1.4.2

Same problem can be seen on prominent sites with certificates from various issuers:

• letsencrypt.org (Let's Encrypt) - https://www.ssllabs.com/ssltest/analyze.html?d=letsencrypt.org
• mozilla.org (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=mozilla.org
• wikipedia.org (GlobalSign) - https://www.ssllabs.com/ssltest/analyze.html?d=wikipedia.org
• facebook.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=facebook.com
• amazon.com (DigiCert) -https://www.ssllabs.com/ssltest/analyze.html?d=amazon.com
• twitter.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=twitter.com
• yahoo.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=yahoo.com
• github.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=github.com
• wordpress.com (Go Daddy) - https://www.ssllabs.com/ssltest/analyze.html?d=wordpress.com
• reddit.com (DigiCert)
• jquery.org (Let's Encrypt)
• videolan.org (Let's Encrypt)

Works fine testing:

• google.com (Google Internet Authority) - https://www.ssllabs.com/ssltest/analyze.html?d=google.com
• stackoverflow.com (DigiCert) - https://www.ssllabs.com/ssltest/analyze.html?d=stackoverflow.com
• moz.com (CloudFlare) - https://www.ssllabs.com/ssltest/analyze.html?d=moz.com
• slo-tech.com (Comodo) - https://www.ssllabs.com/ssltest/analyze.html?d=slo-tech.com

According to #320, #311 and #293 this seems to be caused by unmet (poorly defined?) dependancy, an outdated version of cryptography, likely to be fixed in the homebrew formula: https://github.com/Homebrew/homebrew-core/blob/master/Formula/sslyze.rb#L46 @nabla-c0d3, could you check the dependancies and resources in that formula, so that we can ask them for a fix?

Last relevant changes were done as part of https://github.com/Homebrew/homebrew-core/pull/28332 :

• https://github.com/Homebrew/homebrew-core/commit/f19782edf2694bbec61fdddd4e0295680f9632e7 (by @ilovezfs and @mistydemeo)
• https://github.com/Homebrew/homebrew-core/commit/52a167e08869396f734567550c0b1a877df05fc4 (by @BrewTestBot and @mistydemeo)

I simply cannot configure sslyze not to time out on almost every run.

Could you recommend a configuration which works reliably?

Currently I run it the following way: sslyze-1_3_2\sslyze --timeout=120 --nb_retries=50 --json_out=result_tresorit.com.json --regular tresorit.com

OSes I tested with:

• Windows Server 2016 (1607) with latest updates (natively, not in WSL), VM: ~always times out
• Windows 10 (1709) with latest updates (16299.192), physical machine: times out on every second run

Run #1:

 * ROBOT Attack:
                                          OK - Not vulnerable

 * TLSV1 Cipher Suites:
     Undefined - An unexpected error happened:
        TLS_DH_RSA_WITH_AES_256_CBC_SHA                   timeout - timed out
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             timeout - timed out

 * TLSV1_1 Cipher Suites:
     Undefined - An unexpected error happened:
        TLS_ECDH_anon_WITH_AES_256_CBC_SHA                timeout - timed out
        TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA              timeout - timed out
        TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA              timeout - timed out
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA                  timeout - timed out

Run #2:

 * ROBOT Attack:
                                          UNKNOWN - Received inconsistent results

 * TLSV1_2 Cipher Suites:
     Undefined - An unexpected error happened:
        TLS_DH_anon_WITH_AES_256_GCM_SHA384               timeout - timed out
        TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA             timeout - timed out

Run #3:

 * ROBOT Attack:
                                          OK - Not vulnerable

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.
     Undefined - An unexpected error happened:
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA                  timeout - timed out

Run #4:

 * ROBOT Attack:
                                          OK - Not vulnerable

 * SSLV3 Cipher Suites:
      Server rejected all cipher suites.
     Undefined - An unexpected error happened:
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA             timeout - timed out
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA                  timeout - timed out
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA                 timeout - timed out

 * TLSV1_2 Cipher Suites:
     Undefined - An unexpected error happened:
        TLS_RSA_WITH_SEED_CBC_SHA                         timeout - timed out
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256               timeout - timed out
        RSA_WITH_AES_256_CCM                              timeout - timed out

It looks totally random which cipher fails and which not. Also the ROBOT Attack check is not stable. And it finishes fast (in 18-20 seconds), I am pretty sure it does not retry 50 times or it does too fast, it does not matter at all.

Any idea why does this happen?

I started to dig deeper (aka started monitoring the requests with Wireshark), but I only saw that some connections were not closed properly, and kept alive until the process finished, but they are NOT the same connections which are timed out. So this can only cause problem if there is some active connection per host limit somewhere...

Older sslyze version (sadly I don't know which one) worked reliably, but now I wanted to update to the latest (1.3.2).

Hi,

Recently I was checking a client's host and I noticed something strange. I'm running sslyze like this:

$ ./sslyze_v0.11/sslyze.py --regular host:443  
(...)
  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      Mozilla NSS CA Store (04/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Microsoft CA Store (04/2015):      FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Apple CA Store (OS X 10.10.3):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Certificate Chain Received:        ['host']
(...)

I also tried running OpenSSL directly:

$ openssl s_client -connect host:443 -verify 5                      
verify depth is 5
CONNECTED(00000003)
depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted]., OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted], OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted]., OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
verify error:num=21:unable to verify the first certificate
verify return:1
(...)

It seems that the certificate isn't valid, however when I opened the host on my browser (I tried Firefox, Chrome and IE) they all say that the certificate is verified. After digging a bit on the internet, I concluded that it's failing because there's an intermediate certificate which has the CN 'VeriSign Class 3 International Server CA - G3' which seems that is not trusted on some systems. So I downloaded the certificate from here https://www.tbs-certificates.co.uk/FAQ/en/600.html and ran again the OpenSSL with the -CAfile option:

$ openssl s_client -connect host:443 -CAfile SVRIntlG3.crt -verify 5
verify depth is 5
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = Terms of use at https://www.verisign.com/rpa (c)10, CN = VeriSign Class 3 International Server CA - G3
verify return:1
depth=0 C = IT, ST = [omitted], L = [omitted], O = [omitted]., OU = [omitted], OU = Terms of use at www.verisign.com/rpa (c)05, CN = host
verify return:1

---

No errors. However when I use the --ca_file parameter on sslyze, i still get all the errors:

$ ./sslyze_v0.11/sslyze.py --regular --ca_file SVRIntlG3.crt host:443 
(...)
  * Certificate - Trust:
      Hostname Validation:               OK - Subject Alternative Name matches
      Mozilla NSS CA Store (04/2015):    FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Java 6 CA Store (Update 65):       FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Microsoft CA Store (04/2015):      FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Custom --ca_file CA Store (N/A):   FAILED - Certificate is NOT Trusted: unable to get issuer certificate
      Apple CA Store (OS X 10.10.3):     FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
      Certificate Chain Received:        ['host']
(...)

Maybe I'm using some option incorrectly, but I would expect sslyze to behave similarly to OpenSSL. (I had to omit the host and some info on the certs, sorry)

when I run it against my cable modem/router, it won't scan:

$ python3 -m sslyze 192.168.0.1:443    

 AVAILABLE PLUGINS
 -----------------

  OpenSslCcsInjectionPlugin
  RobotPlugin
  SessionRenegotiationPlugin
  CompressionPlugin
  SessionResumptionPlugin
  HttpHeadersPlugin
  OpenSslCipherSuitesPlugin
  FallbackScsvPlugin
  CertificateInfoPlugin
  EarlyDataPlugin
  HeartbleedPlugin

 CHECKING HOST(S) AVAILABILITY
 -----------------------------

   192.168.0.1:443                       => 192.168.0.1 

 SCAN COMPLETED IN 0.08 S
 ------------------------

However it brings up a webpage when I go to it on my browser

It redirects internally to https and takes me to the login page:

But I can also browse directly to https://192.168.0.1

Is sslyze tripping up because it can't follow redirects or something? port 443 is available because I can telnet to it:

$ telnet 192.168.0.1 443
Trying 192.168.0.1...
Connected to 192.168.0.1.
Escape character is '^]'.

nmap shows 80 and 443 as open:

PORT      STATE    SERVICE
80/tcp    open     http
443/tcp   open     https

The option to validate and import scan results with pydantic/SslyzeOutputAsJson is great. However it requires all the dependencies of sslyze, including nassl. This is a problem, if I'm on a platform where I have to compile it, and only want to read a scan result.

Therefore it would be great, it would be possible to use SslyzeOutputAsJson without dependencies, that are only necessary to perform a scan. That would require some refactoring of the imports.

To further address the memory leak affecting the certificate validation logic (https://github.com/nabla-c0d3/sslyze/issues/560), we should switch from nassl's to pyOpenSSL's API (https://www.pyopenssl.org/en/stable/api/crypto.html#x509storecontext-objects).

pyOpenSSL is already an implicit dependency of SSLyze since it's a dependency of cryptography.

To Reproduce Steps to reproduce the behavior:

1. Install latest SSLyze version using git clone
2. Create and activate python3.9 venv
3. Follow the steps: https://github.com/nabla-c0d3/sslyze/tree/5.0.0#development-environment
4. See error

Expected behavior Tests succeed

Python environment

• OS: RHEL 8.5
• Python version: 3.9.6
• OpenSSL 1.1.1k FIPS 25 Mar 2021
• update-crypto-policies --show: LEGACY

Additional context When trying to scan a local apache webserver using python -m sslyze [webserver cname] with SSLyze version 4.1.0, which was previously installed using pip, or with the latest version from git, a segmentation fault happens aswell. gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname] results in error 2

Error

# invoke test
============================= test session starts ==============================
platform linux -- Python 3.9.6, pytest-6.2.5, py-1.11.0, pluggy-1.0.0
rootdir: /opt/testsslyze/sslyze
plugins: Faker-13.0.0, cov-3.0.0
collected 163 items

tests/test_main.py .                                                     [  0%]
tests/cli_tests/test_console_output.py .........                         [  6%]
tests/cli_tests/test_server_string_parser.py ........                    [ 11%]
tests/json_tests/test_json_output.py .....                               [ 14%]
tests/plugins_tests/test_compression_plugin.py Fs.                       [ 15%]
tests/plugins_tests/test_early_data_plugin.py ...                        [ 17%]
tests/plugins_tests/test_elliptic_curves_plugin.py FF                    [ 19%]
tests/plugins_tests/test_fallback_scsv_plugin.py FFFF                    [ 21%]
tests/plugins_tests/test_heartbleed_plugin.py FF...                      [ 24%]
tests/plugins_tests/test_http_headers_plugin.py FFF........              [ 31%]
tests/plugins_tests/test_openssl_ccs_injection_plugin.py FF...           [ 34%]
tests/plugins_tests/test_robot_plugin.py Fs.                             [ 36%]
tests/plugins_tests/test_scan_commands.py .                              [ 36%]
tests/plugins_tests/test_session_renegotiation_plugin.py F..F            [ 39%]
tests/plugins_tests/test_session_resumption_plugin.py FF..               [ 41%]
tests/plugins_tests/certificate_info/test_certificate_algorithms.py ..FF [ 44%]
F                                                                        [ 44%]
tests/plugins_tests/certificate_info/test_certificate_info_plugin.py FFF [ 46%]
FFFsFFFFFF.                                                              [ 53%]
tests/plugins_tests/certificate_info/test_certificate_utils.py ......    [ 57%]
tests/plugins_tests/certificate_info/test_cli_connector.py F             [ 57%]
tests/plugins_tests/certificate_info/test_json.py F                      [ 58%]
tests/plugins_tests/certificate_info/test_symantec.py ...                [ 60%]
tests/plugins_tests/certificate_info/test_trust_store_repository.py .F   [ 61%]
tests/plugins_tests/openssl_cipher_suites/test_cipher_suites.py .        [ 61%]
tests/plugins_tests/openssl_cipher_suites/test_cli_connector.py F        [ 62%]
tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py F [ 63%]
FFFFFFFFFFFFFatal Python error: Segmentation fault

Current thread 0x00007f4d107e0700 (most recent call first):
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/nassl/ssl_client.py", line 319 in get_ephemeral_key
  File "/opt/testsslyze/sslyze/sslyze/plugins/openssl_cipher_suites/_test_cipher_suite.py", line 56 in connect_with_cipher_suite
  File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 52 in run
  File "/usr/lib64/python3.9/concurrent/futures/thread.py", line 77 in _worker
  File "/usr/lib64/python3.9/threading.py", line 910 in run
  File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
  File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap

Thread 0x00007f4d117e2700 (most recent call first):
  File "/opt/testsslyze/sslyze/tests/openssl_server/__init__.py", line 44 in read_and_log_and_reply
  File "/usr/lib64/python3.9/threading.py", line 910 in run
  File "/usr/lib64/python3.9/threading.py", line 973 in _bootstrap_inner
  File "/usr/lib64/python3.9/threading.py", line 930 in _bootstrap

Thread 0x00007f4d71b66100 (most recent call first):
  File "/usr/lib64/python3.9/threading.py", line 312 in wait
  File "/usr/lib64/python3.9/concurrent/futures/_base.py", line 440 in result
  File "/opt/testsslyze/sslyze/sslyze/plugins/plugin_base.py", line 115 in scan_server
  File "/opt/testsslyze/sslyze/tests/plugins_tests/openssl_cipher_suites/test_openssl_cipher_suites_plugin.py", line 321 in test_sslv3_enabled
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 183 in pytest_pyfunc_call
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/python.py", line 1641 in runtest
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 162 in pytest_runtest_call
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 255 in <lambda>
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 311 in from_call
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 254 in call_runtest_hook
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 215 in call_and_report
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 126 in runtestprotocol
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/runner.py", line 109 in pytest_runtest_protocol
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 348 in pytest_runtestloop
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 323 in _main
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 269 in wrap_session
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/main.py", line 316 in pytest_cmdline_main
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_callers.py", line 39 in _multicall
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_manager.py", line 80 in _hookexec
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/pluggy/_hooks.py", line 265 in __call__
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 162 in main
  File "/opt/testsslyze/venv/lib64/python3.9/site-packages/_pytest/config/__init__.py", line 185 in console_main
  File "/opt/testsslyze/venv/bin/pytest", line 8 in <module>

Error 2

# gdb -ex r --args /opt/testsslyze/venv/bin/python -m sslyze [webserver cname]
...
[Thread 0x7fffcf7fe700 (LWP 366897) exited]
   [webserver cname]:443   => 10.225.76.137   WARNING: Server requested optional client authentication

Thread 15 "python" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffefc80700 (LWP 366902)]
nassl_SSL_get_dh_info (self=<optimized out>) at nassl/_nassl/nassl_SSL.c:861
861     nassl/_nassl/nassl_SSL.c: No such file or directory.