From 2ae28d7f640ba67ab3ccaaa64260e8246d7f9e92 Mon Sep 17 00:00:00 2001
From: Riccardo Germenia <rgermenia@fbk.eu>
Date: Fri, 17 Jan 2025 12:03:34 +0100
Subject: [PATCH 1/3] fix curves findings in TLS1.2 and prior versions

---
 testssl.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/testssl.sh b/testssl.sh
index 59cfcfd..5e9efde 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10852,6 +10852,14 @@ run_fs() {
                                    "${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
                               fi
                          done
+                         # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
+                         # used in the certificate. The easiest solution is to move the curves to the end of the list.
+                         # instead of removing them from the ClientHello.
+                         for (( i=low; i < high; i++ )); do
+                              if ! "$HAS_TLS13" || ! "${curves_deprecated[i]}" || [[ "$proto" == "-no_tls1_3" ]]; then
+                                   "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
+                              fi
+                         done
                          [[ -z "$curves_to_test" ]] && break
                          $OPENSSL s_client $(s_client_options "$proto -cipher "\'${ecdhe_cipher_list:1}\'" -ciphersuites "\'${tls13_cipher_list:1}\'" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
                          sclient_connect_successful $? $TMPFILE || break

From 355b9d2dcc4d10d0f4ef5620e91bd2542a64883d Mon Sep 17 00:00:00 2001
From: Riccardo Germenia <rgermenia@fbk.eu>
Date: Mon, 20 Jan 2025 17:27:31 +0100
Subject: [PATCH 2/3] add fix to sockets and move test after original one

---
 testssl.sh | 81 ++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 73 insertions(+), 8 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 5e9efde..64a386f 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10852,14 +10852,6 @@ run_fs() {
                                    "${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
                               fi
                          done
-                         # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
-                         # used in the certificate. The easiest solution is to move the curves to the end of the list.
-                         # instead of removing them from the ClientHello.
-                         for (( i=low; i < high; i++ )); do
-                              if ! "$HAS_TLS13" || ! "${curves_deprecated[i]}" || [[ "$proto" == "-no_tls1_3" ]]; then
-                                   "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
-                              fi
-                         done
                          [[ -z "$curves_to_test" ]] && break
                          $OPENSSL s_client $(s_client_options "$proto -cipher "\'${ecdhe_cipher_list:1}\'" -ciphersuites "\'${tls13_cipher_list:1}\'" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
                          sclient_connect_successful $? $TMPFILE || break
@@ -10881,6 +10873,44 @@ run_fs() {
                          [[ $i -eq $high ]] && break
                          supported_curve[i]=true
                     done
+                    while true; do
+                         # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
+                         # used in the certificate. The easiest solution is to move the curves to the end of the list.
+                         # instead of removing them from the ClientHello. This is only needed if there is no RSA certificate.
+                         if ((! "$HAS_TLS13" || [[ "$proto" == "-no_tls1_3" ]]) && [[ ! "$ecdhe_cipher_list" == *RSA* ]]) || break; then
+                              curves_to_test=""
+                              for (( i=low; i < high; i++ )); do
+                                   if ! "${curves_deprecated[i]}"; then
+                                        "${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
+                                   fi
+                              done
+                              [[ -z "$curves_to_test" ]] && break
+                              for (( i=low; i < high; i++ )); do
+                                   if ! "${curves_deprecated[i]}"; then
+                                        "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
+                                   fi
+                              done
+                              $OPENSSL s_client $(s_client_options "$proto -cipher "\'${ecdhe_cipher_list:1}\'" -ciphersuites "\'${tls13_cipher_list:1}\'" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
+                              sclient_connect_successful $? $TMPFILE || break
+                              temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE")
+                              curve_found="${temp%%,*}"
+                              if [[ "$curve_found" == ECDH ]]; then
+                                   curve_found="${temp#*, }"
+                                   curve_found="${curve_found%%,*}"
+                                   if "$HAS_TLS13" && [[ ! "$proto" == "-no_tls1_3" ]] && [[ "$curve_found" == brainpoolP[235][581][642]r1 ]]; then
+                                        [[ "$(get_protocol "$TMPFILE")" == TLSv1.3 ]] && curve_found+="tls13"
+                                   fi
+                              fi
+                              for (( i=low; i < high; i++ )); do
+                                   if ! "${supported_curve[i]}"; then
+                                        [[ "${curves_ossl_output[i]}" == "$curve_found" ]] && break
+                                        [[ "${curves_ossl[i]}" == "$curve_found" ]] && break
+                                   fi
+                              done
+                              [[ $i -eq $high ]] && break
+                              supported_curve[i]=true
+                         fi
+                    done
                done
           done
      fi
@@ -10917,6 +10947,41 @@ run_fs() {
                     [[ $i -eq $nr_curves ]] && break
                     supported_curve[i]=true
                done
+               # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
+               # used in the certificate. The easiest solution is to move the curves to the end of the list.
+               # instead of removing them from the ClientHello. This is only needed if there is no RSA certificate.
+               while true; do
+                    if ([[ "$proto" == 03 ]] && [[ ! "$ecdhe_cipher_list" == *RSA* ]]) || break; then
+                         curves_to_test=""
+                         for (( i=0; i < nr_curves; i++ )); do
+                              if ! "${curves_deprecated[i]}" || [[ "$proto" == 03 ]]; then
+                                   ! "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
+                              fi
+                         done
+                         [[ -z "$curves_to_test" ]] && break
+                         for (( i=0; i < nr_curves; i++ )); do
+                              if ! "${curves_deprecated[i]}" || [[ "$proto" == 03 ]]; then
+                                   "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
+                              fi
+                         done
+                         len1=$(printf "%02x" "$((2*${#curves_to_test}/7))")
+                         len2=$(printf "%02x" "$((2*${#curves_to_test}/7+2))")
+                         tls_sockets "$proto" "${ecdhe_cipher_list_hex:2}, 00,ff" "ephemeralkey" "00, 0a, 00, $len2, 00, $len1, ${curves_to_test:2}"
+                         sclient_success=$?
+                         [[ $sclient_success -ne 0 ]] && [[ $sclient_success -ne 2 ]] && break
+                         temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
+                         curve_found="${temp%%,*}"
+                         if [[ "$curve_found" == "ECDH" ]]; then
+                              curve_found="${temp#*, }"
+                              curve_found="${curve_found%%,*}"
+                         fi
+                         for (( i=0; i < nr_curves; i++ )); do
+                              ! "${supported_curve[i]}" && [[ "${curves_ossl_output[i]}" == "$curve_found" ]] && break
+                         done
+                         [[ $i -eq $nr_curves ]] && break
+                         supported_curve[i]=true
+                    fi
+               done
           done
      fi
      if "$ecdhe_offered"; then

From b3609603f9319e784a6aab62e8eac2e2d742cc84 Mon Sep 17 00:00:00 2001
From: Riccardo Germenia <rgermenia@fbk.eu>
Date: Thu, 20 Feb 2025 15:45:05 +0100
Subject: [PATCH 3/3] remove unnecessary "if" statements and remove break from
 "if" statements

---
 testssl.sh | 38 +++++++++++++++-----------------------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index 64a386f..49c8d0e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -10873,22 +10873,18 @@ run_fs() {
                          [[ $i -eq $high ]] && break
                          supported_curve[i]=true
                     done
-                    while true; do
-                         # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
-                         # used in the certificate. The easiest solution is to move the curves to the end of the list.
-                         # instead of removing them from the ClientHello. This is only needed if there is no RSA certificate.
-                         if ((! "$HAS_TLS13" || [[ "$proto" == "-no_tls1_3" ]]) && [[ ! "$ecdhe_cipher_list" == *RSA* ]]) || break; then
+                    # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
+                    # used in the certificate. The easiest solution is to move the curves to the end of the list.
+                    # instead of removing them from the ClientHello. This is only needed if there is no RSA certificate.
+                    if (! "$HAS_TLS13" || [[ "$proto" == "-no_tls1_3" ]]) && [[ ! "$ecdhe_cipher_list" == *RSA* ]]; then
+                         while true; do
                               curves_to_test=""
                               for (( i=low; i < high; i++ )); do
-                                   if ! "${curves_deprecated[i]}"; then
-                                        "${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
-                                   fi
+                                   "${ossl_supported[i]}" && ! "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
                               done
                               [[ -z "$curves_to_test" ]] && break
                               for (( i=low; i < high; i++ )); do
-                                   if ! "${curves_deprecated[i]}"; then
-                                        "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
-                                   fi
+                                   "${supported_curve[i]}" && curves_to_test+=":${curves_ossl[i]}"
                               done
                               $OPENSSL s_client $(s_client_options "$proto -cipher "\'${ecdhe_cipher_list:1}\'" -ciphersuites "\'${tls13_cipher_list:1}\'" -curves "${curves_to_test:1}" $STARTTLS $BUGS -connect $NODEIP:$PORT $PROXY $SNI") &>$TMPFILE </dev/null
                               sclient_connect_successful $? $TMPFILE || break
@@ -10909,8 +10905,8 @@ run_fs() {
                               done
                               [[ $i -eq $high ]] && break
                               supported_curve[i]=true
-                         fi
-                    done
+                         done
+                    fi
                done
           done
      fi
@@ -10950,19 +10946,15 @@ run_fs() {
                # Versions of TLS prior to 1.3 close the connection if the client does not support the curve
                # used in the certificate. The easiest solution is to move the curves to the end of the list.
                # instead of removing them from the ClientHello. This is only needed if there is no RSA certificate.
-               while true; do
-                    if ([[ "$proto" == 03 ]] && [[ ! "$ecdhe_cipher_list" == *RSA* ]]) || break; then
+               if ([[ "$proto" == 03 ]] && [[ ! "$ecdhe_cipher_list" == *RSA* ]]); then
+                    while true; do
                          curves_to_test=""
                          for (( i=0; i < nr_curves; i++ )); do
-                              if ! "${curves_deprecated[i]}" || [[ "$proto" == 03 ]]; then
-                                   ! "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
-                              fi
+                              ! "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
                          done
                          [[ -z "$curves_to_test" ]] && break
                          for (( i=0; i < nr_curves; i++ )); do
-                              if ! "${curves_deprecated[i]}" || [[ "$proto" == 03 ]]; then
-                                   "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
-                              fi
+                              "${supported_curve[i]}" && curves_to_test+=", ${curves_hex[i]}"
                          done
                          len1=$(printf "%02x" "$((2*${#curves_to_test}/7))")
                          len2=$(printf "%02x" "$((2*${#curves_to_test}/7+2))")
@@ -10980,8 +10972,8 @@ run_fs() {
                          done
                          [[ $i -eq $nr_curves ]] && break
                          supported_curve[i]=true
-                    fi
-               done
+                    done
+               fi
           done
      fi
      if "$ecdhe_offered"; then