PR

Summary

This PR fixes issue #819 where tlsx hangs indefinitely when processing large target lists (~25k+ hosts). The output gets cut mid-line (e.g., mid-JSON key) because the process hangs during a write operation.

Root Causes

  1. Broken timeout in ztls handshake: The tlsHandshakeWithTimeout function ran the handshake inline in a select statement instead of a goroutine, making the timeout ineffective. The handshake would block forever for unresponsive servers.

  2. Missing timeout contexts: Cipher enumeration in tls, ztls, and jarm packages used context.Background() or context.TODO() for pool.Acquire() calls, allowing indefinite blocking.

  3. Context leak in openssl: Using defer cancel() inside a loop caused context leaks.

  4. No periodic buffer flush: The file writer only flushed on close, so if the process hung, buffered data was lost.

Fixes

ztls/ztls.go

  • Fixed tlsHandshakeWithTimeout to run handshake in a goroutine with proper context cancellation
  • Added timeout contexts to cipher enumeration

tls/tls.go

  • Added timeout contexts to cipher enumeration
  • Used HandshakeContext for proper timeout support

jarm/jarm.go

  • Added timeout contexts to pool.Acquire() calls

openssl/openssl.go

  • Fixed context leak by calling cancel() immediately instead of deferring in loop
  • Added proper timeout for dial operations

output/file_writer.go

  • Added periodic flush (every 100 writes) to prevent data loss

Testing

Added timeout_test.go with tests that verify:

  • Handshake properly times out for unresponsive servers (2s timeout works)
  • Cipher enumeration completes with timeout errors rather than hanging

Before/After

Before: Process hangs indefinitely, output truncated mid-line After: Operations time out gracefully, process completes

/claim #819

Summary by CodeRabbit

  • Bug Fixes

    • Improved timeout handling across TLS operations with default 5-second timeouts to prevent hanging operations.
    • Enhanced context cancellation and lifecycle management for increased reliability.
    • Mitigated data loss on crash through periodic flushing of output data.

  • Tests

    • Added timeout and cipher enumeration tests to ensure operations complete reliably under constrained conditions.

Claim

Total prize pool $1,324
Total paid $0
Status Pending
Submitted February 02, 2026
Last updated February 02, 2026

Contributors

ER

Erdogan Kervanli

@erdogan98

 100%

Sponsors

YO

youssefosama3820009-commits

@youssefosama3820009-commits

$1,224
PR

ProjectDiscovery

@projectdiscovery

$100