fix: prevent indefinite hangs during TLS cipher enumeration (Fixes #819)

[Tianlin0725]

Summary

This PR fixes the indefinite hang issue in tlsx when scanning targets with problematic TLS configurations. The bug occurred because cipher enumeration handshakes did not have proper timeout enforcement.

Changes

pkg/tlsx/ztls/ztls.go

• Added context.WithTimeout for each cipher handshake in EnumerateCiphers
• Ensures handshake respects the configured timeout option

pkg/tlsx/tls/tls.go

• Changed from conn.Handshake() to conn.HandshakeContext(ctx) with timeout
• Prevents indefinite blocking on stuck TLS connections

Root Cause

The original code used context.TODO() (no deadline) or direct Handshake() calls without timeout, causing tlsx to hang indefinitely when encountering hosts that do not respond properly during TLS negotiation.

Testing

The fix ensures that:

1. Each cipher handshake respects the -timeout flag
2. Stuck connections are properly terminated
3. Long-running scans can complete without manual intervention

/claim #819

Fixes #819

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

No security issues found

Highlights

• Dependency updates in go.mod including BoomFilters, zcrypto, and various ProjectDiscovery libraries
• Timeout implementation remains secure with configuration-based timeout values (not user-controlled)
• Context handling and cleanup continue to prevent resource exhaustion

Hardening Notes

• The timeout enforcement for TLS cipher enumeration remains properly implemented with explicit cancel() cleanup
• All timeout values continue to be sourced from configuration (c.options.Timeout), eliminating any user-input injection risks
• The HandshakeContext usage in both crypto/tls and zcrypto implementations ensures proper timeout enforcement across all TLS operations

_{Comment @neo help for available commands. · Open in Neo}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Tianlin0725]

Hi @projectdiscovery team, this PR is ready for review. It fixes the TLS cipher enumeration hang issue (#819) by adding proper timeout handling. All tests pass. Please let me know if you need any changes.