PR
fix: prevent indefinite hangs during TLS cipher enumeration (Fixes #819)
projectdiscovery/tlsx#925
Summary
This PR fixes the indefinite hang issue in tlsx when scanning targets with problematic TLS configurations. The bug occurred because cipher enumeration handshakes did not have proper timeout enforcement.
Changes
pkg/tlsx/ztls/ztls.go
- Added
context.WithTimeoutfor each cipher handshake inEnumerateCiphers - Ensures handshake respects the configured timeout option
pkg/tlsx/tls/tls.go
- Changed from
conn.Handshake()toconn.HandshakeContext(ctx)with timeout - Prevents indefinite blocking on stuck TLS connections
Root Cause
The original code used context.TODO() (no deadline) or direct Handshake() calls without timeout, causing tlsx to hang indefinitely when encountering hosts that do not respond properly during TLS negotiation.
Testing
The fix ensures that:
- Each cipher handshake respects the
-timeoutflag - Stuck connections are properly terminated
- Long-running scans can complete without manual intervention
/claim #819
Fixes #819
Claim
Total prize pool
$1,324
Total paid
$0
Status
Pending
Submitted
February 27, 2026
Last updated
February 27, 2026
Contributors
TI
tianlin-magi
@tele-he-gmail-com
Sponsors
YO
youssefosama3820009-commits
@youssefosama3820009-commits
$1,224
PR
ProjectDiscovery
@projectdiscovery
$100