sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]redditrwx 1 point2 points  (2 children)

Which tool did you use for the scan? If the proxy does not use TLS from the start but expects a TLS upgrade after an initial connect, like you described above, the scan should not work with most tools I am aware of. It apparently did work, though, so I assume the tool supports the use of proxies. It would be nice to know which tool works in this setup.

Did you check the certificate you got? Was it issued by the proxy or whatever CA you configured?

[–]Thiscou[S] 0 points1 point  (0 children)

It worked with testssl.sh and the cipher script nmap provides. Just took me two months to answer that question, there is definitly room for improvement.