Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Support version negotiation test

Browse Source 
The new test in PR #346 sends a TLSv1.4 ClientHello, so socksend_tls_clienthello() needs to include the signature algorithms extension if $tls_low_byte >= 3 rather than only if it is equal to 3.
This commit is contained in:
David Cooper 2016-05-11 09:24:07 -04:00
parent 92c2b60d9b
commit 07a8bd3143
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
testssl.sh
View File

@ -4278,7 +4278,7 @@ socksend_tls_clienthello() {
# RFC 5246 says that clients MUST NOT offer the signature algorithms # RFC 5246 says that clients MUST NOT offer the signature algorithms
# extension if they are offering TLS versions prior to 1.2. # extension if they are offering TLS versions prior to 1.2.
if [[ "$tls_low_byte" == "03" ]]; then if [[ "0x$tls_low_byte" -ge "0x03" ]]; then
all_extensions="$all_extensions all_extensions="$all_extensions
,$extension_signature_algorithms" ,$extension_signature_algorithms"
fi fi