fix: bound TLS cipher enumeration handshake by timeout | Algora

PR

fix: bound TLS cipher enumeration handshake by timeout

projectdiscovery/tlsx#916

/claim #819

Summary

fix infinite hang during cipher enumeration in pkg/tlsx/tls by using HandshakeContext with options.Timeout
fix the same hang class in pkg/tlsx/ztls by passing a timeout context into tlsHandshakeWithTimeout
close timed-out ztls connections immediately to avoid leaked blocked handshakes
preserve existing behavior for successful handshakes and tls.ErrCertsOnly

Why

Algora bounty issue reports tlsx hanging indefinitely for some hosts. The root cause is per-cipher handshake attempts without an enforced handshake timeout in enumeration paths.

Verification

go test ./pkg/tlsx
go test ./pkg/tlsx/clients

Linked issue

Closes #819

Summary by CodeRabbit

Bug Fixes
- Improved TLS connection timeout handling to properly enforce configured timeouts during handshake operations.
- Enhanced error handling and reliability for TLS certificate validation scenarios.

Claim

Total prize pool $1,324

Total paid $0

Status Pending

Submitted February 20, 2026

Last updated February 20, 2026

Contributors

TY

tyeungchukong-gmail-com

@tyeungchukong-gmail-com

100%

Sponsors

YO

youssefosama3820009-commits

@youssefosama3820009-commits

$1,224

PR

ProjectDiscovery

@projectdiscovery

$100