tlsx hangs indefinitely for some hosts

[msecrfe]

tlsx version:

v1.1.9

Current Behavior:

For long target lists (in our case: Around 30k host/port combinations), tlsx reliably hangs indefinitely after several hours of execution, usually after around 25k targets have finished. Hanging happens even while writing JSONL output lines, cutting off a JSONL line somewhere in the middle.

Expected Behavior:

tlsx should not hang indefinitely.

Steps To Reproduce:

tlsx was started as follows:

~/go/bin/tlsx \
	-list /tmp/host_port_combos.txt \
	-scan-mode 'auto' \
	-ip-version '4' \
	-so \
	-tls-version \
	-cipher \
	-hash 'sha256' \
	-wildcard-cert \
	-probe-status \
	-version-enum \
	-cipher-enum \
	-cipher-type 'all' \
	-serial \
	-expired \
	-self-signed \
	-mismatched \
	-revoked \
	-untrusted \
	-resolvers 8.8.8.8,8.8.4.4,1.1.1.1 \
	-certificate \
	-tls-chain \
	-concurrency '300' \
	-cipher-concurrency '10' \
	-timeout '5' \
	-retry '3' \
	-disable-update-check \
	-output /tmp/tlsx_output.jsonl \
	-json \
	-no-color

At one point, there is no more progress and even output is no longer written. This is the last line of the output file (/tmp/tlsx_output.jsonl):

{"timestamp":"2025-04-25T09:59:31.489674682Z","host":"xn--<censored>-t6b.<censored>","ip":"<censored>","port":"443","probe_status":true,"tls_version":"tls13","cipher":"TLS_AES_128_GCM_SHA256","self_signed":true,"mismatched":true,"not_before":"2017-01-16T16:04:01Z","not_after":"2027-01-14T16:04:01Z","subject_dn":"emailAddress=root@localhost.localdomain, CN=localhost.localdomain, OU=IT, O=MyCompany, L=Seattle, ST=WA, C=US, emailAddress=root@localhost.localdomain","subject_cn":

Please note that the line ends with an open "subject_cn" key and the JSON object on that line is never closed. The aforementioned line is line 25737 of the output file, so more than 25k targets have been scanned before.

Anything else:

The issue always appears after a long time of execution. Execution of tlsx for the aforementioned approx. 30k targets (aborted/hanging after about 25k targets) started at 2025-04-24T16:50:47+00:00 and the process started hanging at 2025-04-25T10:47:39+0000, so about 18 hours later.

The issue does not seem to depend on the specific target host, as tlsx correctly terminates when only scanning the target host. Also, it always starts hanging indefinitely for a different target, but always after having run for hours and after having already scanned several thousand targets,

[msecrfe]

I have gotten closer to the root cause of the bug.

All hosts that trigger this bug (hang/freeze) resolve to the same IP address. This means that the bug is either due to the host's TLS config or the host's certificate/certificate chain. One of these two seems to cause trouble and makes tlsx hang.

Please find attached:

• the certificate of the host: cert.zip
• output of testssl for the host: testssl-out.txt

[ehsandeep]

@msecrfe thank for info, would it be possible for you to share the test / identified hosts with us at research@projectdiscovery.io so we can investigate further?

[Bundy01]

Hi,

I don't know if it's the same problem, but I've also noticed a slowness of tlsx when using it with asnmap.

asnmap -silent -org GOOGLE|tlsx -silent -san -cn -dns -resp-only

Regards.

[msecrfe]

@msecrfe thank for info, would it be possible for you to share the test / identified hosts with us at research@projectdiscovery.io so we can investigate further?

Thanks for the offer. I have just sent you an email.

One thing I noticed is that the first crash happened for a punycode hostname. Don't know if that could play a role? I don't think so because I think other hostnames that are not punycode also lead to crashes, but not sure.

[dogancanbakir]

/bounty $100

[algora-pbc]

💎 $1,224 bounty • youssefosama3820009-commits

💎 $100 bounty • ProjectDiscovery Bounty Available

How to Participate:

• Claim attempt: Comment /attempt #819 on this issue. Multiple participants can attempt, but only the first to submit a complete, mergeable solution will receive the reward.
• Work on the issue: Follow the Contribution Guidelines and ensure your solution fully addresses the issue requirements.
• Submit your PR: Open a pull request to projectdiscovery/tlsx and include /claim #819 in the PR body.
• Receive payment: Upon successful merge, you will receive 100% of the bounty through Algora within 2-5 days.

Thank you for contributing to projectdiscovery/tlsx and helping us democratize security!

---

PR Requirements

Your PR must include the following. PRs that don't meet these requirements may not be reviewed and could be closed.

Proposed Changes

Describe the overall picture of your modifications to help maintainers understand the pull request.

Proof

Demonstrate your changes work. Include before/after examples, screenshots, or terminal output showing the fix/feature in action.

Checklist

• PR created against the correct branch (usually dev)
• All checks passed (lint, unit/integration/regression tests)
• Tests added that prove the fix is effective or feature works
• Documentation added (if appropriate)

---

Add a bounty • Share on socials

Attempt	Started (UTC)	Solution	Actions
🟢 @erdogan98	Feb 02, 2026, 06:13:11 PM	#886	Reward
🟢 @Simplereally	Feb 03, 2026, 04:01:41 AM	#889	Reward
🟢 @thecafetron-ctrl	Feb 08, 2026, 01:07:40 PM	WIP
🟢 @Scatheus	Feb 08, 2026, 11:31:28 PM	#894	Reward
🟢 @nenadilic84	Feb 13, 2026, 06:54:54 AM	#900	Reward
🟢 @SolariSystems	Feb 16, 2026, 02:20:47 PM	#906	Reward
🟢 @jpirstin	Feb 16, 2026, 05:46:43 PM	#907	Reward
🟢 @285729101	Feb 17, 2026, 03:12:09 PM	#911	Reward
🟢 @	Feb 20, 2026, 12:36:04 PM	WIP
🟢 @shukwei899	Feb 20, 2026, 04:57:33 PM	#915	Reward
🟢 @wh0amibjm	Feb 20, 2026, 06:56:20 PM	#917	Reward

[erdogan98]

/attempt #819