Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 09:10:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1192 from dcooper16/fix_second_clienthello

Browse Source 
Fix TLSv1.3 second ClientHello
This commit is contained in:
Dirk Wetter 2019-02-09 13:44:26 +01:00 committed by GitHub
commit 691ca28bb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
testssl.sh
View File

@ -4301,7 +4301,7 @@ modify_clienthello() {
offset+=+4 offset+=+4
len_extension=2*$(hex2dec "${tls_handshake_ascii:$offset:4}") len_extension=2*$(hex2dec "${tls_handshake_ascii:$offset:4}")
if [[ "$extension_type" == 0000 ]] && [[ -z "$key_share" ]]; then if [[ "$extension_type" == 0000 ]] && [[ -z "$new_key_share" ]]; then
# If this is an initial ClientHello, then either remove # If this is an initial ClientHello, then either remove
# the SNI extension or replace it with the correct server name. # the SNI extension or replace it with the correct server name.
sni_extension_found=true sni_extension_found=true
@ -4317,7 +4317,7 @@ modify_clienthello() {
tls_extensions+="000000${len_sni_ext}00${len_sni_listlen}0000${len_servername_hex}${servername_hexstr}" tls_extensions+="000000${len_sni_ext}00${len_sni_listlen}0000${len_servername_hex}${servername_hexstr}"
offset+=$len_extension+4 offset+=$len_extension+4
fi fi
elif [[ "$extension_type" != 00$KEY_SHARE_EXTN_NR ]] || [[ -z "$key_share" ]]; then elif [[ "$extension_type" != 00$KEY_SHARE_EXTN_NR ]] || [[ -z "$new_key_share" ]]; then
# If this is in response to a HelloRetryRequest, then do # If this is in response to a HelloRetryRequest, then do
# not copy over the old key_share extension, but # not copy over the old key_share extension, but
# all other extensions should be copied into the new ClientHello. # all other extensions should be copied into the new ClientHello.
@ -4326,12 +4326,16 @@ modify_clienthello() {
tls_extensions+="${tls_handshake_ascii:$offset:$len}" tls_extensions+="${tls_handshake_ascii:$offset:$len}"
offset+=$len offset+=$len
else else
# This is the key_share extension, and the modified ClientHello
# is being created in response to a HelloRetryRequest. Replace
# the existing key_share extension with the new one.
tls_extensions+="$new_key_share"
offset+=$len_extension+4 offset+=$len_extension+4
fi fi
done done
tls_extensions+="$new_key_share$cookie" tls_extensions+="$cookie"
if ! "$sni_extension_found" && [[ -z "$key_share" ]]; then if ! "$sni_extension_found" && [[ -z "$new_key_share" ]]; then
tm_out "$tls_handshake_ascii" tm_out "$tls_handshake_ascii"
return 0 return 0
fi fi