diff --git a/etc/client-simulation.txt b/etc/client-simulation.txt
index ec9882d..36b8b29 100644
--- a/etc/client-simulation.txt
+++ b/etc/client-simulation.txt
@@ -130,7 +130,7 @@
      minEcdsaBits+=(-1)
      curves+=("secp521r1:secp384r1:prime256v1")
      requiresSha2+=(false)
-     current+=(true)
+     current+=(false)
 
      names+=("Android 5.0.0")
      short+=("android_500")
@@ -151,7 +151,7 @@
      minEcdsaBits+=(-1)
      curves+=("secp521r1:secp384r1:prime256v1")
      requiresSha2+=(false)
-     current+=(true)
+     current+=(false)
 
      names+=("Android 6.0")
      short+=("android_60")
@@ -216,7 +216,7 @@
      minEcdsaBits+=(-1)
      curves+=("X25519:secp256r1:secp384r1")
      requiresSha2+=(false)
-     current+=(true)
+     current+=(false)
 
      names+=("Android 9.0 (native)")
      short+=("android_90")
@@ -2665,8 +2665,8 @@ names+=("Opera 66 (Win 10)")
      minRsaBits+=(-1)
      maxRsaBits+=(-1)
      minEcdsaBits+=(224)
-     curves+=("x25519:secp256r1:secp384r1:secp521r1:x448")
-     requiresSha2+=(true)
+     curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
+     requireseha2+=(true)
      current+=(true)
 
      names+=("OpenSSL 0.9.8y")
diff --git a/etc/client-simulation.wiresharked.md b/etc/client-simulation.wiresharked.md
index eb86682..8cbe120 100644
--- a/etc/client-simulation.wiresharked.md
+++ b/etc/client-simulation.wiresharked.md
@@ -17,7 +17,7 @@ The whole process is manual but not too difficult.
 * *ciphersuites* are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see `~/utils/hexstream2cipher.sh`. They start with TLS\*.
 * Figure out *protos* and *tlsvers* by looking at the *supported_versions* TLS extension (43=0x002b). May work only with recent clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 listed only TLS 1.2/1.3).
 * Adjust *lowest_protocol* and *highest_protocol* accordingly.
-* For *curves* mark the "supported groups" TLS extension --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2curves.sh`. Ignore any ffdhe\* values here.
+* For *curves* mark the "supported groups" TLS extension --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2curves.sh`.
 * Retrieve *alpn* by looking at the "alpn" TLS extension 16 (=0x0010).
 * Review TLS extension 13 (=0x000d) "signature_algorithm" whether any SHA1 signature algorithm is listed. If not *requiresSha2* is true.
 * Leave *maxDhBits*/*minDhBits* and *minRsaBits*/*maxRsaBit* at -1, unless you know for sure what the client can handle.
diff --git a/etc/client-simulation.wiresharked.txt b/etc/client-simulation.wiresharked.txt
index 9b907d7..8c4bda7 100644
--- a/etc/client-simulation.wiresharked.txt
+++ b/etc/client-simulation.wiresharked.txt
@@ -306,7 +306,7 @@
      minRsaBits+=(-1)
      maxRsaBits+=(-1)
      minEcdsaBits+=(224)
-     curves+=("x25519:secp256r1:secp384r1:secp521r1:x448")
+     curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
      requiresSha2+=(true)
      current+=(true)