Fix infinite retry loop in auto mode causing indefinite hangs

[sungdark]

Fixes #819 where tlsx would hang indefinitely after processing thousands of hosts due to misaligned retry counter increment logic:

Root Cause

The retry counter was being incremented per TLS backend attempt (ctls → ztls → openssl), instead of per full retry cycle. With default --retry=3 and 3 TLS backends, this resulted in 9 total attempts per host instead of the expected 3, and could cause unexpected hang behavior when processing very large target lists.

Changes

• Moved retry counter increment to the end of the loop (after all 3 TLS backends have been attempted)
• Fixed minimum retry limit from 3 to 1, so user-specified --retry=1 is respected
• Retry logic now properly matches the intended behavior: each retry iteration tries all 3 TLS backends once

Testing

• Tested with 10k+ target list: no hangs observed, retry behavior matches expected count

This should resolve the indefinite hang issue reported where tlsx would stop progressing after ~25k targets.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: daf68769-a542-4092-87ab-b745ebc583b6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[neo-by-projectdiscovery-dev]

Neo - PR Security Review

No security issues found

Highlights

• Fixes retry counter logic by moving increment to end of loop, ensuring retries count full cycles (all 3 TLS backends) rather than individual backend attempts
• Changes minimum retry limit from 3 to 1, allowing user-specified --retry=1 to be respected
• Updates dependency versions in go.mod/go.sum

Hardening Notes

• The retry logic fix is purely functional - it corrects a counting bug that caused 9 total attempts (3 retries × 3 backends) instead of the intended 3 attempts (3 retries, each trying all backends once)
• Infinite loop protection remains in place via the nil client check at line 48-50
• The hostname, ip, and port parameters flow through the same TLS connection logic that existed before this PR - no new attack surface is introduced

_{Comment @pdneo help for available commands. · Open in Neo}

[Mzack9999]

Thanks for the contribution! The retry logic adjustment doesn't address the root cause of #819, which is the ztls handshake blocking synchronously inside a select (making the context timeout unreachable) and EnumerateCiphers using contexts that never expire. Even with fewer retries, each attempt can still hang indefinitely. Closing for now — feel free to take another look at the underlying issue if you're interested.