[#710]Fix list of cipher suites used for retrieving RSA certificates

nabla-c0d3 · nabla-c0d3 · commit 83e8b5a00954 · 2025-12-28T12:45:37.000+01:00
diff --git a/sslyze/plugins/certificate_info/implementation.py b/sslyze/plugins/certificate_info/implementation.py
@@ -83,14 +83,15 @@ def scan_jobs_for_scan_command(
             # Get the default certificate chain sent to clients using TLS 1.3
             call_arguments.append((server_info, custom_ca_file, TlsVersionEnum.TLS_1_3, None, True))
 
-            # Get the other certificate chains sent to clients using TLS 1.2 that support or don't support RSA
-            call_arguments.append((server_info, custom_ca_file, TlsVersionEnum.TLS_1_2, "RSA", True))
-            call_arguments.append((server_info, custom_ca_file, TlsVersionEnum.TLS_1_2, "ALL:-RSA", True))
+            # Get the other certificate chains sent to clients using TLS 1.2 that support
+            #  or don't support RSA for authentication
+            call_arguments.append((server_info, custom_ca_file, TlsVersionEnum.TLS_1_2, "aRSA", True))
+            call_arguments.append((server_info, custom_ca_file, TlsVersionEnum.TLS_1_2, "ALL:-aRSA", True))
         else:
-            # Get the certificate chains sent to clients that support or don't support RSA
+            # Get the certificate chains sent to clients that support or don't support RSA for authentication
             call_arguments.append((server_info, custom_ca_file, None, None, True))
-            call_arguments.append((server_info, custom_ca_file, None, "RSA", True))
-            call_arguments.append((server_info, custom_ca_file, None, "ALL:-RSA", True))
+            call_arguments.append((server_info, custom_ca_file, None, "aRSA", True))
+            call_arguments.append((server_info, custom_ca_file, None, "ALL:-aRSA", True))
 
         # Additionally, get the default certificate chain sent to clients without SNI
         call_arguments.append((server_info, custom_ca_file, None, None, False))
