Some data returned by API is incorrect

Question

Some data returned by API is incorrect

NMZXYCDRL opened this issue a year ago · 1 comments

Recently, I found that some data obtained from the api is incorrect. The tls_version field has redundant tls1.2 and tls1.3，Even all ciphersuites have the value TLS1.3

> curl -s https://ciphersuite.info/api/cs/ | grep -o '"TLS1.3"' | wc -l
348
> curl -s https://ciphersuite.info/api/cs/ | grep -o '"TLS1.2"' | wc -l
339

An old ciphersuite have tls1.2 and tls 1.3

https://ciphersuite.info/api/cs/TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA/

returns :

  "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA": {
    "gnutls_name": "",
    "openssl_name": "",
    "hex_byte_1": "0x00",
    "hex_byte_2": "0x19",
    "protocol_version": "TLS EXPORT",
    "kex_algorithm": "DH",
    "auth_algorithm": "anon",
    "enc_algorithm": "DES40 CBC",
    "hash_algorithm": "SHA",
    "security": "insecure",
    "tls_version": [
      "TLS1.0",
      "TLS1.1",
      "TLS1.2",
      "TLS1.3"
    ]
  }
}

Answer 1 · 2023-08-23T01:50:05.000Z

Thanks for reporting this issue! I suspect this has to do with the different way we display support by TLS version now (see d305cd1 and 0e91616), since even modern TLS1.3 implementations may support older cipher suites.
Nevertheless, this should be made more explicit via the API as well.