Retire HTTPSInfo / TLS Debug
Describe the bug
When checking the TLS ciphers using HTTPSInfo the first line reports a StringIndexOutOfBoundsException error and then only shows a few of the actual ciphers on the web server, and none of the TLS1.3 ciphers.
An exception occurred while updating the General panel. Problem fetching certificate. err=java.lang.StringIndexOutOfBoundsException: begin 4, end -1, length 22
Cipher Suites Supported:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x9f)(MEDIUM,TLSv1.2)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xc02f)(STRONG,TLSv1.2)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xc030)(STRONG,TLSv1.2)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(0xcca8)(STRONG,TLSv1.2)
To Reproduce
Steps to reproduce the behavior:
- Go to ‘a URL in the sites panel’
- Right click on ‘one of the URLs and choose HTTPSInfo’
- Move to the HTTPSInfo tab
- See error:
  An exception occurred while updating the General panel. Problem fetching certificate.
  err=java.lang.StringIndexOutOfBoundsException: begin 4, end -1, length 22
  Cipher Suites Supported:
Expected behavior
For HTTPSInfo to show all the available Cipher suites for the URL
Software versions
- ZAP: ZAPD_2021-11-08
- Add-on: HTTPSInfo Alpha 13.0.0
- OS: Windows 10
- Java: java -version openjdk version “11.0.12” 2021-07-20 LTS OpenJDK Runtime Environment (build 11.0.12+7-LTS) OpenJDK 64-Bit Server VM (build 11.0.12+7-LTS, mixed mode)
- Browser: Chrome Version 95.0.4638.69 (Official Build) (64-bit)
Errors from the zap.log file log_httpsinfo.log
Additional context
From the log it looks like DeepViolet is the source of the issue. I also see that DeepViolet no longer has a maintainer. A shame, as Weak TLS is a compliance issue that should really be a part of the alerts. Using nmap --script ssl-enum-ciphers or an external party's tool outside the network can cause problems and is frowned upon when scanning internally.
https://github.com/spoofzu/DeepViolet
Would you like to help fix this issue?
Happy to provide detailed bug reports and test fixes.
Top GitHub Comments
Sure, I’ll post something.
It could still be maintained as a 3rd party add-on(s).