Issue with tls connection #278

Open
hktalent opened this issue Jun 7, 2023 · 4 comments
Labels
Investigation Something to Investigate

Comments

@hktalent

hktalent commented Jun 7, 2023

$echo 172.67.210.144 | tlsx -v
  

  _____ _    _____  __
 |_   _| |  / __\ \/ /
   | | | |__\__ \>  < 
   |_| |____|___/_/\_\	v1.0.9

		projectdiscovery.io

[INF] Current tlsx version v1.0.9 (latest)
[INF] Processing input 172.67.210.144:443
[WRN] Could not connect input 172.67.210.144:443: [auto:RUNTIME] [ctls:RUNTIME] remote error: tls: handshake failure <- could not do handshake; [ztls:RUNTIME] remote error: handshake failure <- could not do tls handshake; [LibreSSL3.3.6,LibreSSL3.3.6:RUNTIME] failed to response from openssl <- Command: /usr/bin/openssl s_client -connect 172.67.210.144:443 -servername 172.67.210.144 -tls1_2 <- failed to parse openssl response. original response is:
{/usr/bin/openssl s_client -connect 172.67.210.144:443 -servername 172.67.210.144 -tls1_2 CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 224 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Start Time: 1686140786
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
 8666559168:error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version:/AppleInternal/Library/BuildRoots/9e200cfa-7d96-11ed-886f-a23c4f261b56/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/ssl/tls13_lib.c:151:
} <- no server certificates found <- could not connect to host

Anything else?

SSL data from shodan - https://www.shodan.io/host/172.67.210.144#443

Curl:

curl -vv https://172.67.210.144:443
*   Trying 172.67.210.144:443...
* Connected to 172.67.210.144 (172.67.210.144) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure

Netcat

$ nc -v 172.67.210.144 443
Connection to 172.67.210.144 port 443 [tcp/https] succeeded!
@hktalent hktalent added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jun 7, 2023
@ehsandeep ehsandeep changed the title why nothing? Issue with tls connection Jun 7, 2023
@ehsandeep ehsandeep added Investigation Something to Investigate and removed Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. labels Jun 29, 2023
@RamanaReddy0M RamanaReddy0M self-assigned this Jul 4, 2023
@ehsandeep
Member

related - #51

@hktalent
Author

hktalent commented Jul 6, 2023

You can use my website for testing

$ping 51pwn.com
64 bytes from 172.67.210.144: icmp_seq=0 ttl=47 time=236.726 ms

$openssl s_client -connect 172.67.210.144:443|openssl x509 -pubkey -noout 
140704302261056:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1563:SSL alert number 40
unable to load certificate
140704302261056:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

@ehsandeep
Member

@hktalent This is because of the missing sni value.

This works:

echo 51pwn.com | tlsx -silent
51pwn.com:443

This doesn't:

echo 172.67.210.144 | tlsx -silent

This works:

echo 172.67.210.144 | tlsx -silent -sni 51pwn.com
172.67.210.144:443 [51pwn.com]

The same goes for the host from Shodan as well.

cc @RamanaReddy0M
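
The SNI dependency described in the comment above, reproduced offline as an added example (not part of the issue thread and not tlsx code): a loopback Go listener stands in for a host that only answers ClientHellos carrying a server name. `Probe`, the name `example.test` and the throwaway certificate are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// Probe dials a local SNI-only TLS listener by IP and returns the served cert's DNS names.
func Probe(sni string) ([]string, error) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key} // constructed throwaway cert
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		GetCertificate: func(h *tls.ClientHelloInfo) (*tls.Certificate, error) {
			if h.ServerName == "" { // no SNI: nothing to pick a certificate by
				return nil, fmt.Errorf("ClientHello without SNI")
			}
			return &cert, nil
		},
	})
	if err != nil {
		return nil, err
	}
	defer ln.Close()
	go func() {
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	// Collect, don't validate. crypto/tls sends no SNI when ServerName is an IP literal.
	conn, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{ServerName: sni, InsecureSkipVerify: true})
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	return conn.ConnectionState().PeerCertificates[0].DNSNames, nil
}

func main() {
	fmt.Println(Probe("127.0.0.1"))    // IP only: handshake aborted
	fmt.Println(Probe("example.test")) // same IP, SNI supplied: certificate returned
}
```

The loopback listener aborts with a different alert than the host in the issue; what matches is that the IP-only ClientHello carries no server name, so the server has nothing to select a certificate with.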

@hktalent
Author

hktalent commented Jul 7, 2023

@ehsandeep
I know, but in practical situations we often have only an IP address and no domain name.

Thank you very much
Looking forward to you reopening this issue

Until we can solve the problem of losing important information during SSL 1.3 based IP scanning

Any security scanning tool (tlsx, nuclei, etc.) will face such issues

Unable to scan directly through IP

Before scanning, it is necessary to accurately convert the IP address into a domain name, and then install a secure scanning facility

In order to achieve the final desired result

At the same time, another question arises: whether there are other domains and subdomains using the same IP, and whether the current scanning task has been completed for these "other domain names" facilities.
