From 561591d21e2d36712de687d2d82ccd3985ec9163 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Sat, 11 Nov 2023 11:03:42 -0500
Subject: [PATCH] Fixed cipher enumeration against servers that require unsafe legacy renegotiation.
---
 sslscan.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sslscan.c b/sslscan.c
index f786429..e8268e1 100644
--- a/sslscan.c
+++ b/sslscan.c
@@ -1869,6 +1869,9 @@ int testCipher(struct sslCheckOptions *options, const SSL_METHOD *sslMethod)
 // This enables TLS SNI
 SSL_set_tlsext_host_name (ssl, options->sniname);
+ // Against some servers, this is required for a successful SSL_connect(), below.
+ SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
+ // Connect SSL over socket
 cipherStatus = SSL_connect(ssl);
 printf_verbose("SSL_connect() returned: %d\n", cipherStatus);
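Review bot: The added `SSL_set_options(ssl, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);` in testCipher is applied to every probe unconditionally, and its comment does not say why SSL_connect() fails without it, so a maintainer cannot tell whether this broad flag is needed. OpenSSL's documentation recommends `SSL_OP_LEGACY_SERVER_CONNECT` for clients that only need to complete a handshake with servers lacking RFC 5746 support; if that is sufficient here, `SSL_set_options(ssl, SSL_OP_LEGACY_SERVER_CONNECT);` is the narrower choice. Either way the comment should name the cause, presumably along the lines of `// OpenSSL 3.x rejects servers without RFC 5746 secure renegotiation unless this is set; deliberate for a scanner.`, after confirming that against the bundled OpenSSL version. Other handshake paths in sslscan.c lie outside this hunk and may need the same option for results to stay consistent; testCipher's body also starts and ends outside the hunk.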