Fix, header restore, TLS13 ciphers

This fixes a bug which prevented the script from running properly. Also
the commit restores writing a correct comment header. In addition it
adds TLS 1.3 ciphers.
This commit is contained in:
Dirk 2018-01-03 21:41:09 +01:00
parent 0bc1f6f708
commit 407358623e

View File

@ -4,7 +4,8 @@ use strict;
use Data::Dumper; use Data::Dumper;
use JSON; use JSON;
my $namelength = 30; # we get all data from here
my $json = `curl 'https://api.dev.ssllabs.com/api/v3/getClients'`;
my @spec; my @spec;
my %ciphers; my %ciphers;
@ -20,8 +21,8 @@ foreach my $line ( split /\n/, `../bin/openssl.Linux.x86_64 ciphers -V 'ALL:COMP
$ciphers{hex "0x$hex"} = $fields[3]; $ciphers{hex "0x$hex"} = $fields[3];
} }
my $namelength = 30;
# Get the data # Get the data
my $json = `curl 'https://api.dev.ssllabs.com/api/v3/getClients'`;
my $ssllabs = decode_json($json); my $ssllabs = decode_json($json);
my %sims; my %sims;
@ -73,6 +74,16 @@ foreach my $client ( @$ssllabs ) {
push @ciphers, "ECDHE-ECDSA-CHACHA20-POLY1305"; } push @ciphers, "ECDHE-ECDSA-CHACHA20-POLY1305"; }
elsif ( $suite == "52394" ) { elsif ( $suite == "52394" ) {
push @ciphers, "DHE-RSA-CHACHA20-POLY1305"; } push @ciphers, "DHE-RSA-CHACHA20-POLY1305"; }
elsif ( $suite == "4865" ) {
push @ciphers, "TLS13-AES-128-GCM-SHA256"; }
elsif ( $suite == "4866" ) {
push @ciphers, "TLS13-AES-256-GCM-SHA384"; }
elsif ( $suite == "4867" ) {
push @ciphers, "TLS13-CHACHA20-POLY1305-SHA256"; }
elsif ( $suite == "4868" ) {
push @ciphers, "TLS13-AES-128-CCM-SHA256"; }
elsif ( $suite == "4869" ) {
push @ciphers, "TLS13-AES-128-CCM-8-SHA256"; }
elsif ( $suite == "14906" ) { elsif ( $suite == "14906" ) {
if ( $has_matched ) { if ( $has_matched ) {
print " \"$shortname\": "; print " \"$shortname\": ";
@ -204,6 +215,7 @@ my $sim = {};
#$sim->{minEcdsaBits} = "minEcdsaBits+=(-1)"; #$sim->{minEcdsaBits} = "minEcdsaBits+=(-1)";
#$sim->{requiresSha2} = "requiresSha2+=(false)"; #$sim->{requiresSha2} = "requiresSha2+=(false)";
# example of self generated / provided handshake:
$sim->{name} = "names+=(\"Thunderbird 45.1.1 OSX 10.11 \")"; $sim->{name} = "names+=(\"Thunderbird 45.1.1 OSX 10.11 \")";
$sim->{shortname} = "short+=(\"thunderbird_45.1.1_osx_101115\")"; $sim->{shortname} = "short+=(\"thunderbird_45.1.1_osx_101115\")";
$sim->{ciphers} = "ciphers+=(\"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA\")"; $sim->{ciphers} = "ciphers+=(\"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA\")";
@ -328,15 +340,19 @@ foreach my $shortname ( reverse sort keys %sims ) {
} }
} }
open OUT, ">client-simulation_generated.txt" or die "Unable to open client-simulation_generated.txt";
# This file contains client handshake data used in the run_client_simulation function my $header = <<"EOF";
# Don't update this file by hand, but run util/update_client_sim_data.pl instead. # This file contains client handshake data used in the run_client_simulation() function.
# The one currently distributed with testssl.sh (etc/client-simulation.txt) has been generated # The file distributed with testssl.sh (etc/client-simulation.txt) has been generated
# from this script and manually edited (=which UA to show up) and sorted. # from this script and manually edited (=which UA to show up) and sorted.
#
# Most clients are taken from Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients # Most clients are taken from Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients
";
EOF
open OUT, ">client-simulation_generated.txt" or die "Unable to open client-simulation_generated.txt";
print OUT "$header";
foreach my $shortname ( sort keys %sims ) { foreach my $shortname ( sort keys %sims ) {
foreach my $k ( qw(name shortname ciphers sni warning handshakebytes protos lowestProtocol highestProtocol service foreach my $k ( qw(name shortname ciphers sni warning handshakebytes protos lowestProtocol highestProtocol service
minDhBits maxDhBits minRsaBits maxRsaBits minEcdsaBits requiresSha2 current) ) { minDhBits maxDhBits minRsaBits maxRsaBits minEcdsaBits requiresSha2 current) ) {