Fix incorrect client simulation data

In the data provided by https://api.dev.ssllabs.com/api/v3/getClients, Chrome 57 Win 7 and Firefox 53 Win 7 send ClientHellos that indicate support for TLSv1.3 draft 18, but the highest_protocol for each of these is specified as 0x0303. The result is that if the server being tested supports TLSV1.3 draft 18, `run_client_simulation()` will incorrectly report "No connection" for these servers since the DETECTED_TLS_VERSION (0x0304) will be higher than the specified highest_protocol.

This PR fixes the problem by changing the highest_protocol to 0x0304. Note that another solution to this problem would be to change the ClientHello messages for these two browsers. It is my understanding that TLSv1.3 is disabled by default for these browsers, so presumably the ClientHello messages would not specify TLSv1.3 support if they were configured with TLSv1.3 support disabled.
This commit is contained in:
David Cooper 2017-10-03 16:34:56 -04:00 committed by GitHub
parent f1efe6b7ba
commit 555ce31ab8

View File

@ -572,7 +572,7 @@
handshakebytes+=("1603010200010001fc0303300e33daa8f1f0d2d72c461a08851a34fe44df4e18ae5349aafb48e79dd69b650000223a3a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001b13a3a0000ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d00140012040308040401050308050501080606010201000500050100000000001200000010000e000c02683208687474702f312e3175500000000b000201000028002b00290a0a000100001d0020beb55ec17fee5371560958f78db49d4dc33723e42a200b24646b6d77a7a94867002d00020101002b000b0aaaaa7f12030303020301000a000a00080a0a001d00170018dada000100001500ec0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") handshakebytes+=("1603010200010001fc0303300e33daa8f1f0d2d72c461a08851a34fe44df4e18ae5349aafb48e79dd69b650000223a3a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001b13a3a0000ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d00140012040308040401050308050501080606010201000500050100000000001200000010000e000c02683208687474702f312e3175500000000b000201000028002b00290a0a000100001d0020beb55ec17fee5371560958f78db49d4dc33723e42a200b24646b6d77a7a94867002d00020101002b000b0aaaaa7f12030303020301000a000a00080a0a001d00170018dada000100001500ec0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
protos+=("-tls1_2 -tls1_1 -tls1") protos+=("-tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301") lowest_protocol+=("0x0301")
highest_protocol+=("0x0303") highest_protocol+=("0x0304")
service+=("HTTP,FTP") service+=("HTTP,FTP")
minDhBits+=(1024) minDhBits+=(1024)
maxDhBits+=(-1) maxDhBits+=(-1)
@ -1058,7 +1058,7 @@
handshakebytes+=("1603010200010001fc0303c6e53901883eada665bb773a45fb417e91d77d155c6092a7ad0f297f370c91d9000020130113031302c02bc02fcca9cca8c02cc030c013c01400330039002f0035000a010001b3001500b50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014001200000f6465762e73736c6c6162732e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000010000e000c02683208687474702f312e310005000501000000000028006b0069001d0020ab2069b8be8cdd018bca89869f62bfbcc0e240b28ccc28f9c34a0c6c3d27b34300170041041abf1b74ecefdcb466e197a7be47fbbdbf4c6d10e8b9b73df21276a2dfc403db6db307b394465300de216b2a3ba47d87ce883adf65eae1e2a0adb821e0a64a06002b0009087f12030303020301ff030000000d0018001604030503060308040805080604010501060102030201002d00020101") handshakebytes+=("1603010200010001fc0303c6e53901883eada665bb773a45fb417e91d77d155c6092a7ad0f297f370c91d9000020130113031302c02bc02fcca9cca8c02cc030c013c01400330039002f0035000a010001b3001500b50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000014001200000f6465762e73736c6c6162732e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000010000e000c02683208687474702f312e310005000501000000000028006b0069001d0020ab2069b8be8cdd018bca89869f62bfbcc0e240b28ccc28f9c34a0c6c3d27b34300170041041abf1b74ecefdcb466e197a7be47fbbdbf4c6d10e8b9b73df21276a2dfc403db6db307b394465300de216b2a3ba47d87ce883adf65eae1e2a0adb821e0a64a06002b0009087f12030303020301ff030000000d0018001604030503060308040805080604010501060102030201002d00020101")
protos+=("-tls1_2 -tls1_1 -tls1") protos+=("-tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301") lowest_protocol+=("0x0301")
highest_protocol+=("0x0303") highest_protocol+=("0x0304")
service+=("HTTP,FTP") service+=("HTTP,FTP")
minDhBits+=(1023) minDhBits+=(1023)
maxDhBits+=(-1) maxDhBits+=(-1)