From 3f99c2d2c828b4990e35b23247c13551605fafe9 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Tue, 23 Apr 2019 11:33:47 +0200 Subject: [PATCH] Add Opera 60 + Chrome 73 Chrome 74 update pending --- etc/client-simulation.txt | 46 +++++++++++++++++++++++- etc/client-simulation.wiresharked.txt | 52 ++++++++++++++++++++++++--- 2 files changed, 93 insertions(+), 5 deletions(-) diff --git a/etc/client-simulation.txt b/etc/client-simulation.txt index f9e4573..0714ca4 100644 --- a/etc/client-simulation.txt +++ b/etc/client-simulation.txt @@ -751,7 +751,7 @@ warning+=("") handshakebytes+=("1603010200010001fc0303a4ae4c9839623356a42a2a977373dcefc5920611a46c549eca42959de9e2dab220d6c3276206e9c756685d96687302864815ed0e8496472898e86b30b694ee994300229a9a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001913a3a0000ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d00140012040308040401050308050501080606010201000500050100000000001200000010000e000c02683208687474702f312e3175500000000b000201000033002b00291a1a000100001d00205672b32aa464a7b8513f37108290ab0dd39e317d2b0db8fe0d77c147b324fe29002d00020101002b000b0a0a0a0304030303020301000a000a00081a1a001d00170018001b00030200022a2a000100001500c50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") protos+=("-no_ssl3 -no_ssl2") - tlsvers+=("-tls1_2 -tls1_1 -tls1") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") lowest_protocol+=("0x0301") highest_protocol+=("0x0304") service+=("HTTP,FTP") @@ -762,6 +762,28 @@ minEcdsaBits+=(-1) curves+=("X25519:prime256v1:secp384r1") requiresSha2+=(false) + current+=(false) + + names+=("Chrome 73 (Win 10)") + short+=("chrome_73_win10") + ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA") + ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") + sni+=("$SNI") + warning+=("") + handshakebytes+=("1603010200010001fc0303a719e434922565bbd59fe0dfec21b7f5c8549fdf52566af99cce87ecb276992b20bbf979b5fbe4ebd1412e55ffe6b811e561d3f04ce451fc229d329babda4de91d00227a7a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001914a4a000000000012001000000d7777772e676f6f676c652e646500170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00205c2f12fabe8b2ff843aa9f347816b7d3a8b8c051f0830f4bbf13d44b5ec37c2b002d00020101002b000b0aeaea0304030303020301001b0003020002eaea000100001500cb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + protos+=("-no_ssl3 -no_ssl2") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") + lowest_protocol+=("0x0301") + highest_protocol+=("0x0304") + alpn+=("h2,http/1.1") + service+=("HTTP,FTP") + minDhBits+=(1024) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + curves+=("X25519:secp256r1:secp384r1") + requiresSha2+=(false) current+=(true) names+=("Firefox 10.0.12 ESR Win 7") @@ -1858,6 +1880,28 @@ requiresSha2+=(false) current+=(false) + names+=("Opera 60 (Win 10)") + short+=("opera_60_win10") + ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA") + ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") + sni+=("$SNI") + warning+=("") + handshakebytes+=("1603010200010001fc03033503bae63f0cf8ef9d0a55623327a28e3c3525a2ce28153242e132279d3940e3206a440f32e7a8488b012b12d4b7d1b2b1764c784a944662a7f305e90f7d15168500228a8a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a01000191eaea000000000012001000000d7777772e6f706572612e636f6d00170000ff01000100000a000a0008caca001d00170018000b00020100002300c07505f51cc349fe3f9e022858dcd1eb12ca07a302fd9f43a4cbffec031296e77b07122bb9532dd112770b686a4898e20462c514c5fb043dc325a5453753c499774bfab673024a86543064c33d40b67b2e4e9dfa177305e8cdc39f3d8afe0fe7c80406a9e07ea836dd8a46ab7ef9aa5dc66301a346585f7ff26615a28cbea2544d4ba8101be6f528b4bba3a5ce9a6683537b29cd16d4c5015de6f9a93d3c132389e56ff20853d952f6ee06b46ca89dc52b67583fbb0fb61e2b78c03ef97892c6a90010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029caca000100001d00204aeb26ec670ce59e094a8b97c281186b4e87706df48667a24193e268a069cd54002d00020101002b000b0a3a3a0304030303020301001b00030200027a7a0001000015000b0000000000000000000000") + protos+=("-no_ssl2") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") + lowest_protocol+=("0x0300") + highest_protocol+=("0x0304") + alpn+=("h2,http/1.1") + service+=("HTTP,FTP") + minDhBits+=(-1) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + curves+=("X25519:secp256r1:secp384r1") + requiresSha2+=(false) + current+=(true) + names+=("Safari 5.1.9 OS X 10.6.8") short+=("safari_519_osx1068") ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA") diff --git a/etc/client-simulation.wiresharked.txt b/etc/client-simulation.wiresharked.txt index ae530c4..92236f8 100644 --- a/etc/client-simulation.wiresharked.txt +++ b/etc/client-simulation.wiresharked.txt @@ -6,14 +6,14 @@ # Instructions how to add a client simulation: # * Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute. # * Make sure you create a bit of encrypted traffic to a target of your choice 1) . -# * Make sure the client traffic is specific: For just "Android" do not use a browser. +# * Make sure the client traffic is specific: For just "Android" do not use a browser! # * Stop the recording. # * If needed sort for ClientHello. -# * Look for the ClientHello which matches the source IP + destination IP you had in mind. +# * Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic. # * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream. # * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here) # * Adjust "lowest_protocol" and "highest_protocol" accordingly. -# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit GREASE. +# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE. # * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010). # * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true # * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle @@ -23,7 +23,7 @@ # * Before submitting a PR: test it yourself! You can also watch it again via wireshark # # -# 1) Attention: if you want to contribute it contains the target hostname (SNI) +# 1) Attention, privacy: if you want to contribute it contains the target hostname (SNI) names+=("Android 8.1 (native)") @@ -92,6 +92,28 @@ requiresSha2+=(false) current+=(true) + names+=("Chrome 73 (Win 10)") + short+=("chrome_73_win10") + ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA") + ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") + sni+=("$SNI") + warning+=("") + handshakebytes+=("1603010200010001fc0303a719e434922565bbd59fe0dfec21b7f5c8549fdf52566af99cce87ecb276992b20bbf979b5fbe4ebd1412e55ffe6b811e561d3f04ce451fc229d329babda4de91d00227a7a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001914a4a000000000012001000000d7777772e676f6f676c652e646500170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00205c2f12fabe8b2ff843aa9f347816b7d3a8b8c051f0830f4bbf13d44b5ec37c2b002d00020101002b000b0aeaea0304030303020301001b0003020002eaea000100001500cb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + protos+=("-no_ssl3 -no_ssl2") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") + lowest_protocol+=("0x0301") + highest_protocol+=("0x0304") + alpn+=("h2,http/1.1") + service+=("HTTP,FTP") + minDhBits+=(1024) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + curves+=("X25519:secp256r1:secp384r1") + requiresSha2+=(false) + current+=(true) + names+=("Firefox 66 (Win 8.1/10)") short+=("firefox_66_win") ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA") @@ -114,6 +136,28 @@ requiresSha2+=(false) current+=(true) + names+=("Opera 60 (Win 10)") + short+=("opera_60_win10") + ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA") + ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256") + sni+=("$SNI") + warning+=("") + handshakebytes+=("1603010200010001fc03033503bae63f0cf8ef9d0a55623327a28e3c3525a2ce28153242e132279d3940e3206a440f32e7a8488b012b12d4b7d1b2b1764c784a944662a7f305e90f7d15168500228a8a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a01000191eaea000000000012001000000d7777772e6f706572612e636f6d00170000ff01000100000a000a0008caca001d00170018000b00020100002300c07505f51cc349fe3f9e022858dcd1eb12ca07a302fd9f43a4cbffec031296e77b07122bb9532dd112770b686a4898e20462c514c5fb043dc325a5453753c499774bfab673024a86543064c33d40b67b2e4e9dfa177305e8cdc39f3d8afe0fe7c80406a9e07ea836dd8a46ab7ef9aa5dc66301a346585f7ff26615a28cbea2544d4ba8101be6f528b4bba3a5ce9a6683537b29cd16d4c5015de6f9a93d3c132389e56ff20853d952f6ee06b46ca89dc52b67583fbb0fb61e2b78c03ef97892c6a90010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029caca000100001d00204aeb26ec670ce59e094a8b97c281186b4e87706df48667a24193e268a069cd54002d00020101002b000b0a3a3a0304030303020301001b00030200027a7a0001000015000b0000000000000000000000") + protos+=("-no_ssl2") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") + lowest_protocol+=("0x0300") + highest_protocol+=("0x0304") + alpn+=("h2,http/1.1") + service+=("HTTP,FTP") + minDhBits+=(-1) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + curves+=("X25519:secp256r1:secp384r1") + requiresSha2+=(false) + current+=(true) + names+=("OpenSSL 1.1.0j (Debian)") short+=("openssl_110j") ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")