Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1170 from dcooper16/fix990

Browse Source 
Fix #990
This commit is contained in:
Dirk Wetter
2018-12-04 21:36:49 +01:00
committed by GitHub
parent e9c5435c0a 93da0919a9
commit 78722ef982
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
testssl.sh
View File

@@ -11905,7 +11905,7 @@ prepare_tls_clienthello() {
local extension_signature_algorithms extension_heartbeat session_id local extension_signature_algorithms extension_heartbeat session_id
local extension_session_ticket extension_next_protocol extension_padding local extension_session_ticket extension_next_protocol extension_padding
local extension_supported_groups="" extension_supported_point_formats="" local extension_supported_groups="" extension_supported_point_formats=""
local extensions_key_share="" extn_type supported_groups_c2n="" local extensions_key_share="" extn_type supported_groups_c2n="" extn_psk_mode=""
local extra_extensions extra_extensions_list="" extension_supported_versions="" local extra_extensions extra_extensions_list="" extension_supported_versions=""
local offer_compression=false compression_methods local offer_compression=false compression_methods
@@ -12003,6 +12003,9 @@ prepare_tls_clienthello() {
extension_next_protocol=" extension_next_protocol="
33, 74, 00, 00" 33, 74, 00, 00"
extn_psk_mode="
00, 2d, 00, 02, 01, 01"
if "$ecc_cipher_suite_found"; then if "$ecc_cipher_suite_found"; then
# Supported Groups Extension # Supported Groups Extension
extension_supported_groups=" extension_supported_groups="
@@ -12124,6 +12127,15 @@ prepare_tls_clienthello() {
fi fi
fi fi
# There does not seem to be any reason to include this extension. However, it appears that
# OpenSSL, Firefox, and Chrome include it in TLS 1.3 ClientHello messages, and there is at
# least one server that will fail the connection if it is absent
# (see https://github.com/drwetter/testssl.sh/issues/990).
if [[ "0x$tls_low_byte" -ge "0x04" ]] && [[ ! "$extra_extensions_list" =~ " 002d " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extn_psk_mode"
fi
if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+="," [[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extension_session_ticket" all_extensions+="$extension_session_ticket"
@@ -15213,6 +15225,9 @@ run_grease() {
# values in the supported_versions extension. # values in the supported_versions extension.
# see https://www.ietf.org/mail-archive/web/tls/current/msg22319.html # see https://www.ietf.org/mail-archive/web/tls/current/msg22319.html
# TODO: For servers that support TLSv1.3, check that servers don't require the
# psk_key_exchange_modes extension to be present in the ClientHello.
if ! "$bug_found"; then if ! "$bug_found"; then
outln " No bugs found." outln " No bugs found."
fileout "$jsonID" "OK" "No bugs found." fileout "$jsonID" "OK" "No bugs found."