From 1629da42f38c594dcd13724c80e4e3c6189166a8 Mon Sep 17 00:00:00 2001
From: TLS Scanner Assistant <assistant@tls-scanner.dev>
Date: Fri, 27 Jun 2025 10:42:39 +0000
Subject: [PATCH] Fix RuntimeException: Unable to initialize transport handler

- Add exception handling in TlsProbe.executeState() to catch TransportHandlerConnectException
- Add exception handling for "Cannot add Tasks to already shutdown executor" errors
- Add exception handling in BleichenbacherAttacker.getServerPublicKey() for connection failures
- Add RuntimeException catch in Main.java to handle scanner termination gracefully
- Log connection failures with appropriate warning/error messages instead of crashing

This prevents the scanner from crashing when a target becomes unreachable during scanning
and allows it to continue with other probes.

Fixes #112
---
 .../nds/tlsscanner/core/probe/TlsProbe.java   | 21 +++++++++++++++++--
 .../nds/tlsscanner/serverscanner/Main.java    | 10 +++++++++
 .../BleichenbacherAttacker.java               |  6 ++++++
 3 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/TlsProbe.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/TlsProbe.java
index 7b0eb32aa..1a5212880 100644
--- a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/TlsProbe.java
+++ b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/TlsProbe.java
@@ -33,8 +33,25 @@ public final void executeState(State... states) {
     }
 
     public final void executeState(Iterable<State> states) {
-        parallelExecutor.bulkExecuteStateTasks(states);
-        extractStats(states);
+        try {
+            parallelExecutor.bulkExecuteStateTasks(states);
+            extractStats(states);
+        } catch (de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException e) {
+            LOGGER.warn("Connection failed during probe execution: {}", e.getMessage());
+            // Don't propagate the exception, allowing the scan to continue with other probes
+        } catch (RuntimeException e) {
+            if (e.getMessage() != null
+                    && e.getMessage().contains("Cannot add Tasks to already shutdown executor")) {
+                LOGGER.warn(
+                        "ParallelExecutor was shutdown during execution, skipping remaining tasks");
+            } else {
+                LOGGER.error("Exception during probe execution: {}", e.getMessage(), e);
+            }
+            // Log the exception but don't crash the scanner
+        } catch (Exception e) {
+            LOGGER.error("Exception during probe execution: {}", e.getMessage(), e);
+            // Log the full exception but don't crash the scanner
+        }
     }
 
     @Override
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/Main.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/Main.java
index 9e2c5f657..c1c64b8a0 100644
--- a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/Main.java
+++ b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/Main.java
@@ -53,6 +53,16 @@ public static void main(String[] args) throws IOException {
                                         .getFullReport());
             } catch (ConfigurationException e) {
                 LOGGER.error("Encountered a ConfigurationException aborting.", e);
+            } catch (RuntimeException e) {
+                if (e.getCause()
+                        instanceof
+                        de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException) {
+                    LOGGER.error(
+                            "Scanner terminated due to connection failure: {}",
+                            e.getCause().getMessage());
+                } else {
+                    LOGGER.error("Scanner terminated unexpectedly", e);
+                }
             }
         } catch (ParameterException e) {
             LOGGER.error("Could not parse provided parameters", e);
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/BleichenbacherAttacker.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/BleichenbacherAttacker.java
index 1e047909c..d5c6fdf12 100644
--- a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/BleichenbacherAttacker.java
+++ b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/bleichenbacher/BleichenbacherAttacker.java
@@ -230,6 +230,12 @@ private PublicKeyContainer getServerPublicKey() {
         try {
             publicKey = CertificateFetcher.fetchServerPublicKey(tlsConfig);
         } catch (CertificateParsingException ignored) {
+        } catch (de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException e) {
+            LOGGER.warn("Unable to connect to server for public key retrieval: {}", e.getMessage());
+            return null;
+        } catch (Exception e) {
+            LOGGER.warn("Failed to retrieve server public key: {}", e.getMessage());
+            return null;
         }
         if (publicKey == null) {
             LOGGER.debug("Could not retrieve PublicKey from Server - is the Server running?");