Merge pull request #1464 from drwetter/further_handshakes

Further handshakes / minor changes

etc/client-simulation.txt

@@ -207,7 +207,7 @@
      lowest_protocol+=("0x0301")
      highest_protocol+=("0x0303")
      alpn+=("h2,http/1.1")
-     service+=("HTTP,FTP,SMTP,POP,IMAP")
+     service+=("ANY")
      minDhBits+=(-1)
      maxDhBits+=(-1)
      minRsaBits+=(-1)
@@ -229,14 +229,36 @@
      lowest_protocol+=("0x0301")
      highest_protocol+=("0x0304")
      alpn+=("h2,http/1.1")
-     service+=("HTTP,FTP,SMTP,POP,IMAP")
+     service+=("ANY")
      minDhBits+=(-1)
      maxDhBits+=(-1)
      minRsaBits+=(-1)
      maxRsaBits+=(-1)
      minEcdsaBits+=(-1)
      curves+=("X25519:secp256r1:secp384r1")
-     requiresSha2+=(true)
+     requiresSha2+=(false)
+     current+=(true)
+
+     names+=("Android 10.0 (native)")
+     short+=("android_X")
+     ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
+     ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
+     sni+=("$SNI")
+     warning+=("")
+     handshakebytes+=("1603010200010001fc0303b0e379bbe0d7058b2d0b548d7f240da621716032e8a1577d3f3a34c2cc6794c420c44a8b4cae0a1a53970f394f078373ad2cc8962a87fad719ff8a637633792a9a00223a3a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001919a9a00000000002500230000206b6964736d616e6167656d656e742d70612e676f6f676c65617069732e636f6d00170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d002068d49fc35d239c0ebf95fecdc700b5a4e3f99a7c3411f90c2dd51cb9431d3330002d00020101002b000b0a2a2a0304030303020301001b0003020002caca000100001500b800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+     protos+=("-no_ssl3 -no_ssl2")
+     tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
+     lowest_protocol+=("0x0301")
+     highest_protocol+=("0x0304")
+     alpn+=("h2,http/1.1")
+     service+=("ANY")
+     minDhBits+=(-1)
+     maxDhBits+=(-1)
+     minRsaBits+=(-1)
+     maxRsaBits+=(-1)
+     minEcdsaBits+=(-1)
+     curves+=("X25519:secp256r1:secp384r1")
+     requiresSha2+=(false)
      current+=(true)
 
      names+=("Chrome 27 Win 7")

etc/client-simulation.wiresharked.txt

@@ -17,7 +17,7 @@
      lowest_protocol+=("0x0301")
      highest_protocol+=("0x0303")
      alpn+=("h2,http/1.1")
-     service+=("HTTP,FTP,SMTP,POP,IMAP")
+     service+=("ANY")
      minDhBits+=(-1)
      maxDhBits+=(-1)
      minRsaBits+=(-1)
@@ -39,14 +39,36 @@
      lowest_protocol+=("0x0301")
      highest_protocol+=("0x0304")
      alpn+=("h2,http/1.1")
-     service+=("HTTP,FTP,SMTP,POP,IMAP")
+     service+=("ANY")
      minDhBits+=(-1)
      maxDhBits+=(-1)
      minRsaBits+=(-1)
      maxRsaBits+=(-1)
      minEcdsaBits+=(-1)
      curves+=("X25519:secp256r1:secp384r1")
-     requiresSha2+=(true)
+     requiresSha2+=(false)
+     current+=(true)
+
+     names+=("Android 10.0 (native)")
+     short+=("android_X")
+     ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
+     ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
+     sni+=("$SNI")
+     warning+=("")
+     handshakebytes+=("1603010200010001fc0303b0e379bbe0d7058b2d0b548d7f240da621716032e8a1577d3f3a34c2cc6794c420c44a8b4cae0a1a53970f394f078373ad2cc8962a87fad719ff8a637633792a9a00223a3a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001919a9a00000000002500230000206b6964736d616e6167656d656e742d70612e676f6f676c65617069732e636f6d00170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d002068d49fc35d239c0ebf95fecdc700b5a4e3f99a7c3411f90c2dd51cb9431d3330002d00020101002b000b0a2a2a0304030303020301001b0003020002caca000100001500b800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+     protos+=("-no_ssl3 -no_ssl2")
+     tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
+     lowest_protocol+=("0x0301")
+     highest_protocol+=("0x0304")
+     alpn+=("h2,http/1.1")
+     service+=("ANY")
+     minDhBits+=(-1)
+     maxDhBits+=(-1)
+     minRsaBits+=(-1)
+     maxRsaBits+=(-1)
+     minEcdsaBits+=(-1)
+     curves+=("X25519:secp256r1:secp384r1")
+     requiresSha2+=(false)
      current+=(true)
 
      names+=("Edge 17 Win 10")

utils/hexstream2cipher.sh

@@ -31,4 +31,6 @@ for ((i=0; i<len ; i+=4)); do
 done
 
 echo
-echo ${ciphers%:}
+# remove leading : because of GREASE, and trailing because of TLS_EMPTY_RENEGOTIATION_INFO_SCSV
+ciphers="${ciphers%:}"
+echo ${ciphers#:}