Add Opera 60 + Chrome 73

Chrome 74 update pending
2025-10-31 13:55:25 +01:00 · 2019-04-23 11:33:47 +02:00
parent d2f5c2633c
commit 3f99c2d2c8
2 changed files with 93 additions and 5 deletions
--- a/etc/client-simulation.wiresharked.txt
+++ b/etc/client-simulation.wiresharked.txt
@@ -6,14 +6,14 @@
 # Instructions how to add a client simulation:
 # * Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute.
 # * Make sure you create a bit of encrypted traffic to a target of your choice 1) .
-# * Make sure the client traffic is specific: For just "Android" do not use a browser.
+# * Make sure the client traffic is specific: For just "Android" do not use a browser!
 # * Stop the recording.
 # * If needed sort for ClientHello.
-# * Look for the ClientHello which matches the source IP + destination IP you had in mind.
+# * Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.
 # * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
 # * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
 # * Adjust "lowest_protocol" and "highest_protocol" accordingly.
-# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit GREASE.
+# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE.
 # * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010). 
 # * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
 # * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
@@ -23,7 +23,7 @@
 # * Before submitting a PR: test it yourself! You can also watch it again via wireshark
 #
 # 
-# 1) Attention: if you want to contribute it contains the target hostname (SNI)
+# 1) Attention, privacy: if you want to contribute it contains the target hostname (SNI)


     names+=("Android 8.1 (native)")
@@ -92,6 +92,28 @@
     requiresSha2+=(false)
     current+=(true)

+     names+=("Chrome 73 (Win 10)")
+     short+=("chrome_73_win10")
+     ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
+     ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
+     sni+=("$SNI")
+     warning+=("")
+     handshakebytes+=("1603010200010001fc0303a719e434922565bbd59fe0dfec21b7f5c8549fdf52566af99cce87ecb276992b20bbf979b5fbe4ebd1412e55ffe6b811e561d3f04ce451fc229d329babda4de91d00227a7a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001914a4a000000000012001000000d7777772e676f6f676c652e646500170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00205c2f12fabe8b2ff843aa9f347816b7d3a8b8c051f0830f4bbf13d44b5ec37c2b002d00020101002b000b0aeaea0304030303020301001b0003020002eaea000100001500cb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+     protos+=("-no_ssl3 -no_ssl2")
+     tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
+     lowest_protocol+=("0x0301")
+     highest_protocol+=("0x0304")
+     alpn+=("h2,http/1.1")
+     service+=("HTTP,FTP")
+     minDhBits+=(1024)
+     maxDhBits+=(-1)
+     minRsaBits+=(-1)
+     maxRsaBits+=(-1)
+     minEcdsaBits+=(-1)
+     curves+=("X25519:secp256r1:secp384r1")
+     requiresSha2+=(false)
+     current+=(true)
+
     names+=("Firefox 66 (Win 8.1/10)")
     short+=("firefox_66_win")
     ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
@@ -114,6 +136,28 @@
     requiresSha2+=(false)
     current+=(true)

+     names+=("Opera 60 (Win 10)")
+     short+=("opera_60_win10")
+     ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
+     ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
+     sni+=("$SNI")
+     warning+=("")
+     handshakebytes+=("1603010200010001fc03033503bae63f0cf8ef9d0a55623327a28e3c3525a2ce28153242e132279d3940e3206a440f32e7a8488b012b12d4b7d1b2b1764c784a944662a7f305e90f7d15168500228a8a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a01000191eaea000000000012001000000d7777772e6f706572612e636f6d00170000ff01000100000a000a0008caca001d00170018000b00020100002300c07505f51cc349fe3f9e022858dcd1eb12ca07a302fd9f43a4cbffec031296e77b07122bb9532dd112770b686a4898e20462c514c5fb043dc325a5453753c499774bfab673024a86543064c33d40b67b2e4e9dfa177305e8cdc39f3d8afe0fe7c80406a9e07ea836dd8a46ab7ef9aa5dc66301a346585f7ff26615a28cbea2544d4ba8101be6f528b4bba3a5ce9a6683537b29cd16d4c5015de6f9a93d3c132389e56ff20853d952f6ee06b46ca89dc52b67583fbb0fb61e2b78c03ef97892c6a90010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029caca000100001d00204aeb26ec670ce59e094a8b97c281186b4e87706df48667a24193e268a069cd54002d00020101002b000b0a3a3a0304030303020301001b00030200027a7a0001000015000b0000000000000000000000")
+     protos+=("-no_ssl2")
+     tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
+     lowest_protocol+=("0x0300")
+     highest_protocol+=("0x0304")
+     alpn+=("h2,http/1.1")
+     service+=("HTTP,FTP")
+     minDhBits+=(-1)
+     maxDhBits+=(-1)
+     minRsaBits+=(-1)
+     maxRsaBits+=(-1)
+     minEcdsaBits+=(-1)
+     curves+=("X25519:secp256r1:secp384r1")
+     requiresSha2+=(false)
+     current+=(true)
+
     names+=("OpenSSL 1.1.0j (Debian)")
     short+=("openssl_110j")
     ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")