From 71e38863bc724f7d7dc0cf15d95d5b42c29725b8 Mon Sep 17 00:00:00 2001
From: Jacob Baines <jbaines@vulncheck.com>
Date: Mon, 23 Oct 2023 13:36:20 -0400
Subject: [PATCH] Enable older TLS/SSL clients by default. Fix rhosts typo

---
 .golangci.yml      | 4 ++++
 cli/commandline.go | 4 ++--
 framework.go       | 6 +++++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index a6ac391..02baf96 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -95,3 +95,7 @@ issues:
       linters:
         - staticcheck
       text: SA1019
+    - path: framework.go
+      linters:
+        - staticcheck
+      text: SA1019
\ No newline at end of file
diff --git a/cli/commandline.go b/cli/commandline.go
index 4c748a4..c07a1a3 100644
--- a/cli/commandline.go
+++ b/cli/commandline.go
@@ -160,11 +160,11 @@ func handleRhostsOptions(conf *config.Config, rhosts string, rports string, rhos
 func commonValidate(conf *config.Config, rhosts string, rports string, rhostsFile string) bool {
 	switch {
 	case len(conf.Rhost) == 0 && len(rhosts) == 0 && len(rhostsFile) == 0:
-		output.PrintFrameworkError("Missing required option 'rhost', 'rhosts', or 'rhostsFile'")
+		output.PrintFrameworkError("Missing required option 'rhost', 'rhosts', or 'rhosts-file'")
 
 		return false
 	case conf.Rport == 0 && len(rports) == 0 && len(rhostsFile) == 0:
-		output.PrintFrameworkError("Missing required option 'rport', 'rports', or 'rhostsFile'")
+		output.PrintFrameworkError("Missing required option 'rport', 'rports', or 'rhosts-file'")
 
 		return false
 	case len(conf.Rhost) != 0 && len(rhosts) != 0:
diff --git a/framework.go b/framework.go
index 0a0fad7..e6c353e 100644
--- a/framework.go
+++ b/framework.go
@@ -332,7 +332,11 @@ func RunProgram(sploit Exploit, conf *config.Config) {
 	}
 
 	// disable https cert verification globally
-	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: true,
+		// We have no control over the SSL versions supported on the remote target. Be permissive for more targets.
+		MinVersion: tls.VersionSSL30,
+	}
 
 	// if the c2 server is meant to catch responses, initialize and start so it can bind
 	if !startC2Server(conf) {