Multiple IP address handling #348
Description
Currently sslscan appears to follow the system resolve order if a target host resolves to multiple addresses, and picks one of them at random according to address family preference:
n2 ~/sslscan-2.2.1 # host www.google.com
www.google.com has address 142.250.129.106
www.google.com has address 142.250.129.104
www.google.com has address 142.250.129.147
www.google.com has address 142.250.129.99
www.google.com has address 142.250.129.103
www.google.com has address 142.250.129.105
www.google.com has IPv6 address 2a00:1450:4009:c08::68
www.google.com has IPv6 address 2a00:1450:4009:c08::6a
www.google.com has IPv6 address 2a00:1450:4009:c08::67
www.google.com has IPv6 address 2a00:1450:4009:c08::69
n2 ~/sslscan-2.2.1 # ./sslscan www.google.com
Version: 2.2.1
OpenSSL 3.5.4 30 Sep 2025
Connected to 2a00:1450:4009:c08::68
Testing SSL server www.google.com on port 443 using SNI name www.google.com
...
This approach makes sense for a typical user - ie you just want to access the site, but not so much from someone who's auditing/testing the site (which is the typical use case of sslscan).
What it doesn't do is:
- highlight the fact that the given hostname resolves to multiple addresses
- test all of the addresses
Since there could be differences in configuration, it would make sense to at the very least highlight the presence of multiple addresses, as well as test each of them individually and highlight any differences, or if any of them are unreachable/down etc. For someone testing a site this is important.
The online ssltest at https://www.ssllabs.com/ssltest/ does this by default.