From 9d626472268a84b8519cb4ff9bb8e120c84b3446 Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 4 Aug 2020 07:35:05 -0400
Subject: [PATCH] Align ALPN GREASE test with RFC 8701

The ALPN GREASE test was written based on draft-ietf-tls-grease-01, which reserved all ALPN identifiers beginning with the prefix "ignore/". This commit changes the test to align with RFC 8701, which instead reserves {0x0A,0x0A}, {0x1A,0x1A}, ..., {0xFA,0xFA}.
---
 testssl.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/testssl.sh b/testssl.sh
index cc9a584..ca6d540 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -18018,7 +18018,7 @@ run_grease() {
                selected_alpn_protocol="$(grep "ALPN protocol:" "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/ALPN protocol:  //')"
                # If using a "normal" ALPN extension worked, then add an unrecognized
                # ALPN value to the beginning of the extension and try again.
-               alpn_proto="ignore/$selected_alpn_protocol"
+               alpn_proto="ZZ" # "ZZ" = "{0x5A,0x5A}"
                alpn=",$(printf "%02x" ${#alpn_proto}),$(string_to_asciihex "$alpn_proto")$alpn"
                alpn_list_len=${#alpn}/3
                alpn_list_len_hex=$(printf "%04x" $alpn_list_len)
@@ -18029,7 +18029,7 @@ run_grease() {
                success=$?
                if [[ $success -ne 0 ]] && [[ $success -ne 2 ]]; then
                     prln_svrty_medium " Server fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value."
-                    fileout "$jsonID" "MEDIUM" "erver fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value."
+                    fileout "$jsonID" "MEDIUM" "Server fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value."
                     bug_found=true
                else
                     grease_selected_alpn_protocol="$(grep "ALPN protocol:" "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/ALPN protocol:  //')"
@@ -18037,9 +18037,9 @@ run_grease() {
                          prln_svrty_medium " Server did not ignore unrecognized ALPN value in the application_layer_protocol_negotiation extension."
                          fileout "$jsonID" "MEDIUM" "Server did not ignore unrecognized ALPN value in the application_layer_protocol_negotiation extension."
                          bug_found=true
-                    elif [[ "$grease_selected_alpn_protocol" =~ ignore/ ]]; then
-                         prln_svrty_medium " Server selected \"ignore/\" ALPN value in the application_layer_protocol_negotiation extension."
-                         fileout "$jsonID" "MEDIUM" "Server selected \"ignore/\" ALPN value in the application_layer_protocol_negotiation extension."
+                    elif [[ "$grease_selected_alpn_protocol" == $alpn_proto ]]; then
+                         prln_svrty_medium " Server selected GREASE ALPN value ($alpn_proto) in the application_layer_protocol_negotiation extension."
+                         fileout "$jsonID" "MEDIUM" "Server selected GREASE ALPN value ($alpn_proto) in the application_layer_protocol_negotiation extension."
                          bug_found=true
                     fi
                fi