[#555] Handle sslv3 alert illegal parameter

nabla-c0d3 · May 14, 2022 · b60b644 · b60b644
1 parent 1b0905d
commit b60b644
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/sslyze/connection_helpers/tls_connection.py b/sslyze/connection_helpers/tls_connection.py
@@ -117,6 +117,9 @@ def _open_socket(server_location: ServerNetworkLocation, network_timeout: int) -
     "alert bad record mac": "TLS alert: bad record mac",
     "tlsv1 alert internal error": "TLS alert: Internal error",
     "illegal padding": "TLS alert: Illegal padding",
+    # illegal parameter is sometimes used by server to reject an invalid client certificate
+    # https://github.com/nabla-c0d3/sslyze/issues/555
+    "illegal parameter": "TLS alert: Illegal parameter",
     # Error returned by OpenSSL when the server didn't return a certificate that can work with the cipher suites
     # enabled in the client; for example client only supports EC cipher suites but server returned an RSA certificate
     "wrong certificate type": "Server returned wrong certificate type",