Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1694 from dcooper16/alpn_grease

Browse Source 
Align ALPN GREASE test with RFC 8701
This commit is contained in:
Dirk Wetter 2020-08-04 22:11:12 +02:00 committed by GitHub
commit 2e6f912cef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
testssl.sh
View File

@ -18019,7 +18019,7 @@ run_grease() {
selected_alpn_protocol="$(grep "ALPN protocol:" "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/ALPN protocol: //')" selected_alpn_protocol="$(grep "ALPN protocol:" "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/ALPN protocol: //')"
# If using a "normal" ALPN extension worked, then add an unrecognized # If using a "normal" ALPN extension worked, then add an unrecognized
# ALPN value to the beginning of the extension and try again. # ALPN value to the beginning of the extension and try again.
alpn_proto="ignore/$selected_alpn_protocol" alpn_proto="ZZ" # "ZZ" = "{0x5A,0x5A}"
alpn=",$(printf "%02x" ${#alpn_proto}),$(string_to_asciihex "$alpn_proto")$alpn" alpn=",$(printf "%02x" ${#alpn_proto}),$(string_to_asciihex "$alpn_proto")$alpn"
alpn_list_len=${#alpn}/3 alpn_list_len=${#alpn}/3
alpn_list_len_hex=$(printf "%04x" $alpn_list_len) alpn_list_len_hex=$(printf "%04x" $alpn_list_len)
@ -18030,7 +18030,7 @@ run_grease() {
success=$? success=$?
if [[ $success -ne 0 ]] && [[ $success -ne 2 ]]; then if [[ $success -ne 0 ]] && [[ $success -ne 2 ]]; then
prln_svrty_medium " Server fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value." prln_svrty_medium " Server fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value."
fileout "$jsonID" "MEDIUM" "erver fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value." fileout "$jsonID" "MEDIUM" "Server fails if ClientHello contains an application_layer_protocol_negotiation extension with an unrecognized ALPN value."
bug_found=true bug_found=true
else else
grease_selected_alpn_protocol="$(grep "ALPN protocol:" "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/ALPN protocol: //')" grease_selected_alpn_protocol="$(grep "ALPN protocol:" "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" | sed 's/ALPN protocol: //')"
@ -18038,9 +18038,9 @@ run_grease() {
prln_svrty_medium " Server did not ignore unrecognized ALPN value in the application_layer_protocol_negotiation extension." prln_svrty_medium " Server did not ignore unrecognized ALPN value in the application_layer_protocol_negotiation extension."
fileout "$jsonID" "MEDIUM" "Server did not ignore unrecognized ALPN value in the application_layer_protocol_negotiation extension." fileout "$jsonID" "MEDIUM" "Server did not ignore unrecognized ALPN value in the application_layer_protocol_negotiation extension."
bug_found=true bug_found=true
elif [[ "$grease_selected_alpn_protocol" =~ ignore/ ]]; then elif [[ "$grease_selected_alpn_protocol" == $alpn_proto ]]; then
prln_svrty_medium " Server selected \"ignore/\" ALPN value in the application_layer_protocol_negotiation extension." prln_svrty_medium " Server selected GREASE ALPN value ($alpn_proto) in the application_layer_protocol_negotiation extension."
fileout "$jsonID" "MEDIUM" "Server selected \"ignore/\" ALPN value in the application_layer_protocol_negotiation extension." fileout "$jsonID" "MEDIUM" "Server selected GREASE ALPN value ($alpn_proto) in the application_layer_protocol_negotiation extension."
bug_found=true bug_found=true
fi fi
fi fi