On Thu, Jan 15, 2026 at 07:46:59PM +0000, Kurt Miller wrote: > security/tls-attacker currently uses jdk-1.8.0. The Attacker.jar > functionality there was moved to a separate project called tls-scanner > in later releases. So I ported tls-scanner to keep this functionality > and so I can remove tls-attacker with a hint to now use tls-scanner.
Jasper added tls-attacker on my request. It was very useful for some corner cases, but the py3-tlsfuzzer testsuite covers almost everything already. I'm ok with removing tls-attacker with or without replacement. The proper successor is tls-anvil, but I haven't looked at this at all and won't have time for it anytime soon: https://github.com/tls-attacker/TLS-Anvil > > security/tls-scanner: > ----- > > COMMENT = TLS configuration and analysis tool based on TLS-Attacker > > pkg/DESCR: > TLS-Scanner is a tool to assist pentesters and security researchers in the > evaluation of TLS server and client configurations. > > I install two connivence scripts TLS-Server-Scanner and TLS-Client-Scanner > to easily launch the two modes of this scanner. > > The README describes how to use both, however the TLS-Server-Scanner > does not like the self signed certificate and errors out without printing > a final report. If I point this at a real website (one of my own), it > completes its tests and produces a final report. > > I think the error on self-signed certificate is an upstream bug. > > ok to import this and delete tls-attacker? >
