Doing a better guess for Opossum when tcp/80 is not a/v

drwetter · drwetter · commit cb971b5336c4 · 2025-07-21T10:08:25.000+02:00
This labels the result of a failed test for reaching
port 80 when no direct connection is possible as likely not
vulnerable.

This seems safe to say, as there's another check whether
a proxy is configured, like for corporate environments where
a connection is only allowed though the proxy.
diff --git a/testssl.sh b/testssl.sh
@@ -17735,8 +17735,10 @@ run_opossum() {
                          prln_local_problem "direct connection to port 80 failed, better try without proxy"
                          fileout "$jsonID" "WARN" "direct connection to port 80 failed, try w/o no proxy" "$cve" "$cwe"
                     else
-                         outln "connection to port 80 failed"
-                         fileout "$jsonID" "INFO" "connection to port 80 failed" "$cve" "$cwe"
+                         out "likely "
+                         pr_svrty_good "not vulnerable (OK)"
+                         outln ", connection to port 80 failed"
+                         fileout "$jsonID" "OK" "connection to port 80 failed" "$cve" "$cwe"
                     fi
                fi
           ;;
