Failure when scanning [::1] due to SNI #303

Open
adrien-n opened this issue Jan 9, 2024 · 2 comments

adrien-n commented Jan 9, 2024

Hi,

When running sslscan against [::1], it uses [::1] as SNI:

Testing SSL server ::1 on port 631 using SNI name ::1

There are many failures afterwards (nothing really works).

If I pass --sni-name=foo or --sni-name=1, everything works fine.

I'm not familiar with SNI constraints but I guess it won't hurt to strip characters such as [, ], and : .

Owner

rbsec commented Jan 21, 2024

::1 is correct for the SNI name, as it's the IPv6 address of the system that you're connecting to. Just sending 1 as an SNI name wouldn't be correct unless you've configured your local server with a name of 1, or your local server doesn't care about SNI.

When I try scanning a local server with sslscan '[::1]:443' it works as expected - is there a specific service that you're seeing issues with? Can you share a pcap of the traffic?

Author

adrien-n commented Feb 1, 2024

The issue happens with exim4. Admittedly, it's not the only issue with it since I need to use --sleep=50. I don't have a pcap, but would that really be helpful? (I was actually preparing one.) I guess that's likely an exim4 bug; I had assumed the :: characters might not be valid for SNI but, really, I didn't check the spec.

I don't know what to do. I'm not sure there's something that can be done for exim that doesn't break everything else!
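
Added example (not part of the thread and not sslscan's code): on the spec question raised above, RFC 6066 section 3 defines the SNI `HostName` as a DNS hostname without a trailing dot and states that literal IPv4 and IPv6 addresses are not permitted in it. The Python sketch below shows one way a scanner could pick the SNI value for a target such as `[::1]:631`; the function names and the default port are assumptions made for this example.

```python
import ipaddress
from typing import Optional, Tuple

DEFAULT_PORT = 443  # assumption for this example


def split_target(target: str) -> Tuple[str, int]:
    """Split 'host', 'host:port', '[v6]' or '[v6]:port' into (host, port)."""
    if target.startswith("["):
        host, sep, rest = target[1:].partition("]")
        if not sep or (rest and not rest.startswith(":")):
            raise ValueError(f"malformed bracketed target: {target!r}")
        return host, int(rest[1:]) if rest else DEFAULT_PORT
    if target.count(":") == 1:  # hostname:port or IPv4:port
        host, port = target.split(":")
        return host, int(port)
    return target, DEFAULT_PORT  # bare hostname or bare IPv6 literal


def is_ip_literal(host: str) -> bool:
    """True for an IPv4 or IPv6 address literal (an IPv6 zone id is ignored)."""
    try:
        ipaddress.ip_address(host.split("%", 1)[0])
        return True
    except ValueError:
        return False


def choose_sni(target: str, override: Optional[str] = None) -> Optional[str]:
    """Return the name for the server_name extension, or None to omit it."""
    if override is not None:  # explicit choice, like --sni-name=foo
        return override
    host, _ = split_target(target)
    if is_ip_literal(host):  # RFC 6066: address literals are not HostNames
        return None
    # DNS names are case-insensitive; RFC 6066 wants no trailing dot.
    return host.rstrip(".").lower()


if __name__ == "__main__":
    # Constructed sample targets.
    for t in ("[::1]:631", "127.0.0.1:443", "mail.example.org:25"):
        print(t, "->", choose_sni(t))
```
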
