From c1857ee7753a42da2b3e6abe8cf81c28c977d8b0 Mon Sep 17 00:00:00 2001
From: Jose Biosca
Date: Wed, 7 Aug 2024 10:22:45 +0200
Subject: [PATCH] Fix STARTSSL cap withouth validating if it's mandatory. Issue a warning to advise users to verify it.
---
 testssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 1aea29f86..ce09659f1 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -22881,7 +22881,7 @@ run_rating() {
 pr_headlineln " Rating (experimental) "
 outln
- [[ -n "$STARTTLS_PROTOCOL" ]] && set_grade_cap "T" "Encryption via STARTTLS is not mandatory (opportunistic)."
+ [[ -n "$STARTTLS_PROTOCOL" ]] && pr_warning "Encryption via STARTTLS should be mandatory (not opportunistic). testssl doesn't check it.\n"
 pr_bold " Rating specs"; out " (not complete) "; outln "SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)"
 pr_bold " Specification documentation "; pr_url "https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide"
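Review bot: The replacement `pr_warning` line in run_rating() only prints to the terminal, so with the "T" cap removed a STARTTLS server that still accepts plaintext (and so remains exposed to STARTTLS stripping on the path) can receive an uncapped grade, with the caveat recorded nowhere in the rating itself and, as far as this hunk shows, not in any file output. If the rating code's warning helper is usable here (I recall it as `set_grade_warning`; please confirm), routing the message through it would keep the caveat attached to the grade: `[[ -n "$STARTTLS_PROTOCOL" ]] && set_grade_warning "STARTTLS enforcement is not checked by testssl; verify that encryption is mandatory."`. A one-line comment above the statement, such as `# STARTTLS enforcement is not tested, so warn instead of capping the grade`, would also record why the cap was dropped. run_rating()'s body starts and ends outside the hunk.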