mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-28 20:39:45 +01:00
Add support for brainpool curves with TLS 1.3
This commit adds support for the curves brainpoolP256r1tls13, brainpoolP384r1tls13, and brainpoolP512r1tls13.
parent
82fbd8076e
commit
5002dd23b1
@ -28,4 +28,7 @@
|
|||||||
27, brainpoolP384r1,
|
27, brainpoolP384r1,
|
||||||
28, brainpoolP512r1,
|
28, brainpoolP512r1,
|
||||||
29, curve25519,
|
29, curve25519,
|
||||||
30, curve448
|
30, curve448,
|
||||||
|
31, brainpoolP256r1tls13,
|
||||||
|
32, brainpoolP384r1tls13,
|
||||||
|
33, brainpoolP512r1tls13
|
||||||
|
@ -124,8 +124,29 @@ MC4CAQAwBQYDK2VuBCIEIDhCPq41ufKeHdfVAp6KeS7qo8E43pd+ee+npH0sOqxL
|
|||||||
MEYCAQAwBQYDK2VvBDoEONDoNojolTC5A5LwJmEfj/NqVrkG2PsagQ0IxZJcwyhC
|
MEYCAQAwBQYDK2VvBDoEONDoNojolTC5A5LwJmEfj/NqVrkG2PsagQ0IxZJcwyhC
|
||||||
CrAkCbaEfSIdjRVr2ODIC8ByiHjIzqDu
|
CrAkCbaEfSIdjRVr2ODIC8ByiHjIzqDu
|
||||||
-----END PRIVATE KEY-----
|
-----END PRIVATE KEY-----
|
||||||
" "1f"
|
"
|
||||||
"20" "21" "22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
|
"-----BEGIN PRIVATE KEY-----
|
||||||
|
MIGIAgEAMBQGByqGSM49AgEGCSskAwMCCAEBBwRtMGsCAQEEID/S1T+6vhaiWJT6
|
||||||
|
2qbAFBlBi7Bd2fe6eRJlw6I2zm0eoUQDQgAEdk7i/WWNR873mVlffUL/XYPW04fd
|
||||||
|
eVf2KlfRUi8aoINfkxsw/yVVOuVfT8GivrEs1kT2iiy0Z+gyXDrYiSqP1w==
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
"
|
||||||
|
"-----BEGIN PRIVATE KEY-----
|
||||||
|
MIG6AgEAMBQGByqGSM49AgEGCSskAwMCCAEBCwSBnjCBmwIBAQQwbV1IckTIgFs6
|
||||||
|
YOOLLFeLmc6BLjqHUbLHLwZjI8TKNMIzYahhc9n5wgSyn+Psu3NWoWQDYgAEA/NN
|
||||||
|
eFinukOQpX+Alpccd0NnRL59YdYmhI5VSdQECDyUym4hH2L7uHXdOZaC/qxvPQxz
|
||||||
|
QDY3nqerDkwIB+rFj1qWOKzqyZt2KlVk2jE3Omsrhuo92Ai94X0LyW2SMRyh
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
"
|
||||||
|
"-----BEGIN PRIVATE KEY-----
|
||||||
|
MIHsAgEAMBQGByqGSM49AgEGCSskAwMCCAEBDQSB0DCBzQIBAQRAmfrMGcK0wj3D
|
||||||
|
QNMCwBQaQHY03cTJuQbjjFr1Mrqn73ARDxUel6xdklEWx3SE9gbG0KVGnCx/nslG
|
||||||
|
xS6XqyNhhqGBhQOBggAEDjRvgELV732xXBsz5NJuirkmran6haJy2Phqqc4qPROm
|
||||||
|
0iUjpSOrq0DV5MUE/0HhvzvOSqkSWr7nAefO1bovml+Fo5YT+KUsZJMYK7DlDtCb
|
||||||
|
79ZjkNvTbrsL9GVNvOmyUJv+PyxG1Zn6OsIxck747cJ/IGeOv7hcA+/J728TfWk=
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
|
"
|
||||||
|
"22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
|
||||||
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
|
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
|
||||||
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
|
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
|
||||||
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
|
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
|
||||||
@ -296,8 +317,10 @@ readonly -a TLS13_PUBLIC_KEY_SHARES=(
|
|||||||
"1a" "1b" "1c"
|
"1a" "1b" "1c"
|
||||||
"00,1d,00,20,4d,fa,57,44,b7,f7,48,b8,95,77,5a,c1,ff,86,bf,ae,f7,3a,33,69,54,de,6a,f5,2e,89,84,6c,f2,d8,b2,43"
|
"00,1d,00,20,4d,fa,57,44,b7,f7,48,b8,95,77,5a,c1,ff,86,bf,ae,f7,3a,33,69,54,de,6a,f5,2e,89,84,6c,f2,d8,b2,43"
|
||||||
"00,1e,00,38,6d,6d,67,a7,4e,3d,45,dd,ec,7e,a0,70,88,56,54,d8,c5,7c,4d,f3,8f,8b,f8,f2,14,06,1b,a0,4f,f7,ad,6b,3f,3a,90,42,41,8e,74,28,32,4a,a7,50,4a,7a,8e,42,55,eb,94,96,de,83,37,d6"
|
"00,1e,00,38,6d,6d,67,a7,4e,3d,45,dd,ec,7e,a0,70,88,56,54,d8,c5,7c,4d,f3,8f,8b,f8,f2,14,06,1b,a0,4f,f7,ad,6b,3f,3a,90,42,41,8e,74,28,32,4a,a7,50,4a,7a,8e,42,55,eb,94,96,de,83,37,d6"
|
||||||
"1f"
|
"00,1f,00,41,04,76,4e,e2,fd,65,8d,47,ce,f7,99,59,5f,7d,42,ff,5d,83,d6,d3,87,dd,79,57,f6,2a,57,d1,52,2f,1a,a0,83,5f,93,1b,30,ff,25,55,3a,e5,5f,4f,c1,a2,be,b1,2c,d6,44,f6,8a,2c,b4,67,e8,32,5c,3a,d8,89,2a,8f,d7"
|
||||||
"20" "21" "22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
|
"00,20,00,61,04,03,f3,4d,78,58,a7,ba,43,90,a5,7f,80,96,97,1c,77,43,67,44,be,7d,61,d6,26,84,8e,55,49,d4,04,08,3c,94,ca,6e,21,1f,62,fb,b8,75,dd,39,96,82,fe,ac,6f,3d,0c,73,40,36,37,9e,a7,ab,0e,4c,08,07,ea,c5,8f,5a,96,38,ac,ea,c9,9b,76,2a,55,64,da,31,37,3a,6b,2b,86,ea,3d,d8,08,bd,e1,7d,0b,c9,6d,92,31,1c,a1"
|
||||||
|
"00,21,00,81,04,0e,34,6f,80,42,d5,ef,7d,b1,5c,1b,33,e4,d2,6e,8a,b9,26,ad,a9,fa,85,a2,72,d8,f8,6a,a9,ce,2a,3d,13,a6,d2,25,23,a5,23,ab,ab,40,d5,e4,c5,04,ff,41,e1,bf,3b,ce,4a,a9,12,5a,be,e7,01,e7,ce,d5,ba,2f,9a,5f,85,a3,96,13,f8,a5,2c,64,93,18,2b,b0,e5,0e,d0,9b,ef,d6,63,90,db,d3,6e,bb,0b,f4,65,4d,bc,e9,b2,50,9b,fe,3f,2c,46,d5,99,fa,3a,c2,31,72,4e,f8,ed,c2,7f,20,67,8e,bf,b8,5c,03,ef,c9,ef,6f,13,7d,69"
|
||||||
|
"22" "23" "24" "25" "26" "27" "28" "29" "2a" "2b" "2c" "2d" "2e" "2f"
|
||||||
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
|
"30" "31" "32" "33" "34" "35" "36" "37" "38" "39" "3a" "3b" "3c" "3d" "3e" "3f"
|
||||||
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
|
"40" "41" "42" "43" "44" "45" "46" "47" "48" "49" "4a" "4b" "4c" "4d" "4e" "4f"
|
||||||
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
|
"50" "51" "52" "53" "54" "55" "56" "57" "58" "59" "5a" "5b" "5c" "5d" "5e" "5f"
|
||||||
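Review bot: The three PEM blocks that replace the `"1f"`, `"20"` and `"21"` placeholders are tied to their groups only by array position, and the same holds for the `00,1f`, `00,20` and `00,21` entries added to TLS13_PUBLIC_KEY_SHARES. A one-line comment ahead of each entry would make the pairing checkable and would tell readers and secret scanners what these are, e.g. `# 0x1f brainpoolP256r1tls13: fixed key share, published with the tool, never reuse elsewhere`. Because the private halves are public, a handshake made with them offers no confidentiality; that looks intended, given the comment in prepare_tls_clienthello about decrypting the response, but this file should say so itself. Both arrays begin outside the hunks shown.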
|
44
testssl.sh
44
testssl.sh
@ -6396,9 +6396,9 @@ pr_ecdh_curve_quality() {
|
|||||||
"prime256v1") bits=256 ;;
|
"prime256v1") bits=256 ;;
|
||||||
"secp384r1") bits=384 ;;
|
"secp384r1") bits=384 ;;
|
||||||
"secp521r1") bits=521 ;;
|
"secp521r1") bits=521 ;;
|
||||||
"brainpoolP256r1") bits=256 ;;
|
"brainpoolP256r1"*) bits=256 ;;
|
||||||
"brainpoolP384r1") bits=384 ;;
|
"brainpoolP384r1"*) bits=384 ;;
|
||||||
"brainpoolP512r1") bits=512 ;;
|
"brainpoolP512r1"*) bits=512 ;;
|
||||||
"X25519") bits=253 ;;
|
"X25519") bits=253 ;;
|
||||||
"X448") bits=448 ;;
|
"X448") bits=448 ;;
|
||||||
esac
|
esac
|
||||||
@ -10374,13 +10374,13 @@ run_fs() {
|
|||||||
local fs_cipher_list="DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-SEED-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-SEED-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305"
|
local fs_cipher_list="DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA:DHE-DSS-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA:DHE-DSS-SEED-SHA:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-SEED-SHA:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA256-SHA384:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305"
|
||||||
local fs_hex_cipher_list="" ciphers_to_test tls13_ciphers_to_test
|
local fs_hex_cipher_list="" ciphers_to_test tls13_ciphers_to_test
|
||||||
local ecdhe_cipher_list="" tls13_cipher_list="" ecdhe_cipher_list_hex="" ffdhe_cipher_list_hex=""
|
local ecdhe_cipher_list="" tls13_cipher_list="" ecdhe_cipher_list_hex="" ffdhe_cipher_list_hex=""
|
||||||
local curves_hex=("00,01" "00,02" "00,03" "00,04" "00,05" "00,06" "00,07" "00,08" "00,09" "00,0a" "00,0b" "00,0c" "00,0d" "00,0e" "00,0f" "00,10" "00,11" "00,12" "00,13" "00,14" "00,15" "00,16" "00,17" "00,18" "00,19" "00,1a" "00,1b" "00,1c" "00,1d" "00,1e")
|
local curves_hex=("00,01" "00,02" "00,03" "00,04" "00,05" "00,06" "00,07" "00,08" "00,09" "00,0a" "00,0b" "00,0c" "00,0d" "00,0e" "00,0f" "00,10" "00,11" "00,12" "00,13" "00,14" "00,15" "00,16" "00,17" "00,18" "00,19" "00,1a" "00,1b" "00,1c" "00,1d" "00,1e" "00,1f" "00,20" "00,21")
|
||||||
local -a curves_ossl=("sect163k1" "sect163r1" "sect163r2" "sect193r1" "sect193r2" "sect233k1" "sect233r1" "sect239k1" "sect283k1" "sect283r1" "sect409k1" "sect409r1" "sect571k1" "sect571r1" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "prime192v1" "secp224k1" "secp224r1" "secp256k1" "prime256v1" "secp384r1" "secp521r1" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448")
|
local -a curves_ossl=("sect163k1" "sect163r1" "sect163r2" "sect193r1" "sect193r2" "sect233k1" "sect233r1" "sect239k1" "sect283k1" "sect283r1" "sect409k1" "sect409r1" "sect571k1" "sect571r1" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "prime192v1" "secp224k1" "secp224r1" "secp256k1" "prime256v1" "secp384r1" "secp521r1" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13")
|
||||||
local -a curves_ossl_output=("K-163" "sect163r1" "B-163" "sect193r1" "sect193r2" "K-233" "B-233" "sect239k1" "K-283" "B-283" "K-409" "B-409" "K-571" "B-571" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "P-192" "secp224k1" "P-224" "secp256k1" "P-256" "P-384" "P-521" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448")
|
local -a curves_ossl_output=("K-163" "sect163r1" "B-163" "sect193r1" "sect193r2" "K-233" "B-233" "sect239k1" "K-283" "B-283" "K-409" "B-409" "K-571" "B-571" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "P-192" "secp224k1" "P-224" "secp256k1" "P-256" "P-384" "P-521" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13")
|
||||||
local -ai curves_bits=(163 162 163 193 193 232 233 238 281 282 407 409 570 570 161 161 161 192 192 225 224 256 256 384 521 256 384 512 253 448)
|
local -ai curves_bits=(163 162 163 193 193 232 233 238 281 282 407 409 570 570 161 161 161 192 192 225 224 256 256 384 521 256 384 512 253 448 256 384 512)
|
||||||
# Many curves have been deprecated, and RFC 8446, Appendix B.3.1.4, states
|
# Many curves have been deprecated, and RFC 8446, Appendix B.3.1.4, states
|
||||||
# that these curves MUST NOT be offered in a TLS 1.3 ClientHello.
|
# that these curves MUST NOT be offered in a TLS 1.3 ClientHello.
|
||||||
local -a curves_deprecated=("true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "false" "false" "false" "true" "true" "true" "false" "false")
|
local -a curves_deprecated=("true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "true" "false" "false" "false" "true" "true" "true" "false" "false" "false" "false" "false")
|
||||||
local -a ffdhe_groups_hex=("01,00" "01,01" "01,02" "01,03" "01,04")
|
local -a ffdhe_groups_hex=("01,00" "01,01" "01,02" "01,03" "01,04")
|
||||||
local -a ffdhe_groups_output=("ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192")
|
local -a ffdhe_groups_output=("ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192")
|
||||||
local -a supported_curve
|
local -a supported_curve
|
||||||
@ -10740,6 +10740,9 @@ run_fs() {
|
|||||||
if [[ "$curve_found" == ECDH ]]; then
|
if [[ "$curve_found" == ECDH ]]; then
|
||||||
curve_found="${temp#*, }"
|
curve_found="${temp#*, }"
|
||||||
curve_found="${curve_found%%,*}"
|
curve_found="${curve_found%%,*}"
|
||||||
|
if "$HAS_TLS13" && [[ ! "$proto" == "-no_tls1_3" ]] && [[ "$curve_found" == brainpoolP[235][581][642]r1 ]]; then
|
||||||
|
[[ "$(get_protocol "$TMPFILE")" == TLSv1.3 ]] && curve_found+="tls13"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
for (( i=low; i < high; i++ )); do
|
for (( i=low; i < high; i++ )); do
|
||||||
if ! "${supported_curve[i]}"; then
|
if ! "${supported_curve[i]}"; then
|
||||||
@ -14403,6 +14406,9 @@ parse_tls_serverhello() {
|
|||||||
25) dh_bits=521 ; named_curve_str="P-521" ; named_curve_oid="06052b81040023" ;;
|
25) dh_bits=521 ; named_curve_str="P-521" ; named_curve_oid="06052b81040023" ;;
|
||||||
29) dh_bits=253 ; named_curve_str="X25519" ;;
|
29) dh_bits=253 ; named_curve_str="X25519" ;;
|
||||||
30) dh_bits=448 ; named_curve_str="X448" ;;
|
30) dh_bits=448 ; named_curve_str="X448" ;;
|
||||||
|
31) dh_bits=256 ; named_curve_str="brainpoolP256r1tls13" ; named_curve_oid="06092B2403030208010107" ;;
|
||||||
|
32) dh_bits=384 ; named_curve_str="brainpoolP384r1tls13" ; named_curve_oid="06092B240303020801010B" ;;
|
||||||
|
33) dh_bits=512 ; named_curve_str="brainpoolP512r1tls13" ; named_curve_oid="06092B240303020801010D" ;;
|
||||||
256) dh_bits=2048 ; named_curve_str="ffdhe2048" ;;
|
256) dh_bits=2048 ; named_curve_str="ffdhe2048" ;;
|
||||||
257) dh_bits=3072 ; named_curve_str="ffdhe3072" ;;
|
257) dh_bits=3072 ; named_curve_str="ffdhe3072" ;;
|
||||||
258) dh_bits=4096 ; named_curve_str="ffdhe4096" ;;
|
258) dh_bits=4096 ; named_curve_str="ffdhe4096" ;;
|
||||||
@ -15430,8 +15436,8 @@ prepare_tls_clienthello() {
|
|||||||
if [[ ! "$process_full" =~ all ]] || { "$HAS_X25519" && "$HAS_X448"; }; then
|
if [[ ! "$process_full" =~ all ]] || { "$HAS_X25519" && "$HAS_X448"; }; then
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,10, 00,0e, # lengths
|
00,16, 00,14, # lengths
|
||||||
00,1d, 00,17, 00,1e, 00,18, 00,19,
|
00,1d, 00,17, 00,1e, 00,18, 00,19, 00,1f, 00,20, 00,21,
|
||||||
01,00, 01,01"
|
01,00, 01,01"
|
||||||
# OpenSSL prior to 1.1.1 does not support X448, so list it as the least
|
# OpenSSL prior to 1.1.1 does not support X448, so list it as the least
|
||||||
# preferred option if the response needs to be decrypted, and do not
|
# preferred option if the response needs to be decrypted, and do not
|
||||||
@ -15439,14 +15445,14 @@ prepare_tls_clienthello() {
|
|||||||
elif "$HAS_X25519" && [[ "$process_full" == all+ ]]; then
|
elif "$HAS_X25519" && [[ "$process_full" == all+ ]]; then
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,0e, 00,0c, # lengths
|
00,14, 00,12, # lengths
|
||||||
00,1d, 00,17, 00,18, 00,19,
|
00,1d, 00,17, 00,18, 00,19, 00,1f, 00,20, 00,21,
|
||||||
01,00, 01,01"
|
01,00, 01,01"
|
||||||
elif "$HAS_X25519"; then
|
elif "$HAS_X25519"; then
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,10, 00,0e, # lengths
|
00,16, 00,14, # lengths
|
||||||
00,1d, 00,17, 00,18, 00,19,
|
00,1d, 00,17, 00,18, 00,19, 00,1f, 00,20, 00,21,
|
||||||
01,00, 01,01, 00,1e"
|
01,00, 01,01, 00,1e"
|
||||||
# OpenSSL prior to 1.1.0 does not support either X25519 or X448,
|
# OpenSSL prior to 1.1.0 does not support either X25519 or X448,
|
||||||
# so list them as the least referred options if the response
|
# so list them as the least referred options if the response
|
||||||
@ -15455,14 +15461,14 @@ prepare_tls_clienthello() {
|
|||||||
elif [[ "$process_full" == all+ ]]; then
|
elif [[ "$process_full" == all+ ]]; then
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,0c, 00,0a, # lengths
|
00,12, 00,10, # lengths
|
||||||
00,17, 00,18, 00,19,
|
00,17, 00,18, 00,19, 00,1f, 00,20, 00,21,
|
||||||
01,00, 01,01"
|
01,00, 01,01"
|
||||||
else
|
else
|
||||||
extension_supported_groups="
|
extension_supported_groups="
|
||||||
00,0a, # Type: Supported Groups, see RFC 8446
|
00,0a, # Type: Supported Groups, see RFC 8446
|
||||||
00,10, 00,0e, # lengths
|
00,16, 00,14, # lengths
|
||||||
00,17, 00,18, 00,19,
|
00,17, 00,18, 00,19, 00,1f, 00,20, 00,21,
|
||||||
01,00, 01,01, 00,1d, 00,1e"
|
01,00, 01,01, 00,1d, 00,1e"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -19911,7 +19917,7 @@ find_openssl_binary() {
|
|||||||
local openssl_location cwd=""
|
local openssl_location cwd=""
|
||||||
local ossl_wo_dev_info
|
local ossl_wo_dev_info
|
||||||
local curve
|
local curve
|
||||||
local -a curves_ossl=("sect163k1" "sect163r1" "sect163r2" "sect193r1" "sect193r2" "sect233k1" "sect233r1" "sect239k1" "sect283k1" "sect283r1" "sect409k1" "sect409r1" "sect571k1" "sect571r1" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "prime192v1" "secp224k1" "secp224r1" "secp256k1" "prime256v1" "secp384r1" "secp521r1" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192")
|
local -a curves_ossl=("sect163k1" "sect163r1" "sect163r2" "sect193r1" "sect193r2" "sect233k1" "sect233r1" "sect239k1" "sect283k1" "sect283r1" "sect409k1" "sect409r1" "sect571k1" "sect571r1" "secp160k1" "secp160r1" "secp160r2" "secp192k1" "prime192v1" "secp224k1" "secp224r1" "secp256k1" "prime256v1" "secp384r1" "secp521r1" "brainpoolP256r1" "brainpoolP384r1" "brainpoolP512r1" "X25519" "X448" "brainpoolP256r1tls13" "brainpoolP384r1tls13" "brainpoolP512r1tls13" "ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192")
|
||||||
|
|
||||||
# 0. check environment variable whether it's executable
|
# 0. check environment variable whether it's executable
|
||||||
if [[ -n "$OPENSSL" ]] && [[ ! -x "$OPENSSL" ]]; then
|
if [[ -n "$OPENSSL" ]] && [[ ! -x "$OPENSSL" ]]; then
|
||||||
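Review bot: The bracket glob `brainpoolP[235][581][642]r1` in the new check inside run_fs accepts 27 three-digit combinations (for example `brainpoolP284r1`), not only the three sizes it is meant for. Spelling the names out keeps the `tls13` suffix from being appended to anything else: `[[ "$curve_found" =~ ^brainpoolP(256|384|512)r1$ ]]`. The value appears to come from parsed openssl output, so a stray match is unlikely today, but a renamed curve would then fail the later lookup in `curves_ossl` without any message. run_fs starts and ends outside this hunk.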
|
@ -295,6 +295,12 @@ foreach my $client ( @$ssllabs ) {
|
|||||||
push @curves, "X25519"; }
|
push @curves, "X25519"; }
|
||||||
elsif ( $curve == 30 ) {
|
elsif ( $curve == 30 ) {
|
||||||
push @curves, "X448"; }
|
push @curves, "X448"; }
|
||||||
|
elsif ( $curve == 31 ) {
|
||||||
|
push @curves, "brainpoolP256r1tls13"; }
|
||||||
|
elsif ( $curve == 32 ) {
|
||||||
|
push @curves, "brainpoolP384r1tls13"; }
|
||||||
|
elsif ( $curve == 33 ) {
|
||||||
|
push @curves, "brainpoolP512r1tls13"; }
|
||||||
}
|
}
|
||||||
$sim->{ellipticCurves} = "curves+=(\"" . (join ":", @curves) . "\")";
|
$sim->{ellipticCurves} = "curves+=(\"" . (join ":", @curves) . "\")";
|
||||||
}
|
}
|
||||||
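Review bot: The `elsif ( $curve == 31 )` to `elsif ( $curve == 33 )` branches extend a chain that, as far as this hunk shows, closes with no `else`, so a group id that is not listed is dropped from `@curves` without a message. The generated client-simulation data would then under-report what that client offers, and nothing would flag it. A closing `else { warn "unmapped curve id $curve\n"; }` would surface the gap. A single id-to-name hash would also replace the repeated branches and make the next addition a one-line change. The start of the chain is outside the hunk, so an existing fallback may be hidden from view.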
|