From 4f462eb718fd9d71dacd4b5bc42e762c6ef2366d Mon Sep 17 00:00:00 2001 From: David Cooper Date: Wed, 2 Oct 2019 13:21:08 -0400 Subject: [PATCH 1/4] Simplify determine_sizelimitbug() This PR takes advantage of the testing done by determine_optimal_sockets_params() in order to simplify determine_sizelimitbug(). By the time that determine_sizelimitbug() is called, determine_optimal_sockets_params() has already determined whether TLSv1.2 ClientHello with 128 ciphers (including 00FF) sent by tls_sockets() works, and it has set TLS12_CIPHER to a list of exactly 128 ciphers (including 00FF) that works with the server. So, determine_sizelimitbug() doesn't have to check whether the server supports TLSv1.2 and no longer needs to send tests using 127 or 128 ciphers. determine_sizelimitbug() can just perform one test with 129 ciphers, if the server supports TLSv1.2, and use the results to set $SERVER_SIZE_LIMIT_BUG. --- testssl.sh | 59 ++++++++++++++---------------------------------------- 1 file changed, 15 insertions(+), 44 deletions(-) diff --git a/testssl.sh b/testssl.sh index 6300d43..ca4ea3e 100755 --- a/testssl.sh +++ b/testssl.sh @@ -18193,68 +18193,39 @@ determine_service() { # Return value is 0 unless we have a problem executing # determine_sizelimitbug() { - local test_ciphers='CC,14, CC,13, CC,15, C0,30, C0,2C, C0,28, C0,24, 00,A5, 00,A3, 00,A1, 00,9F, CC,A9, CC,A8, CC,AA, C0,AF, C0,AD, C0,A3, C0,9F, 00,6B, 00,6A, 00,69, 00,68, C0,77, C0,73, 00,C4, 00,C3, 00,C2, 00,C1, C0,32, C0,2E, C0,2A, C0,26, C0,79, C0,75, 00,9D, C0,A1, C0,9D, 00,3D, 00,C0, C0,3D, C0,3F, C0,41, C0,43, C0,45, C0,49, C0,4B, C0,4D, C0,4F, C0,51, C0,53, C0,55, C0,57, C0,59, C0,5D, C0,5F, C0,61, C0,63, C0,7B, C0,7D, C0,7F, C0,81, C0,83, C0,87, C0,89, C0,8B, C0,8D, 16,B7, 16,B8, 16,B9, 16,BA, C0,2F, C0,2B, C0,27, C0,23, 00,A4, 00,A2, 00,A0, 00,9E, C0,AE, C0,AC, C0,A2, C0,9E, C0,A0, C0,9C, 00,67, 00,40, 00,3F, 00,3E, C0,76, C0,72, 00,BE, 00,BD, 00,BC, 00,BB, C0,31, C0,2D, C0,29, C0,25, C0,78, C0,74, 00,9C, 00,3C, 00,BA, C0,3C, C0,3E, C0,40, C0,42, C0,44, C0,48, C0,4A, C0,4C, C0,4E, C0,50, C0,52, C0,54, C0,56, C0,58, C0,5C, C0,5E, C0,60, C0,62, C0,7A, C0,7C, C0,7E, C0,80, C0,82' - local overflow_cipher1='C0,86' - local overflow_cipher2='C0,88' + # overflow_cipher must be some cipher that does not appear in TLS12_CIPHER. + local overflow_cipher='C0,86' + local -i nr_ciphers # For STARTTLS protcols not being implemented yet via sockets this is a bypass otherwise it won't be usable at all (e.g. LDAP) # Fixme: find out whether we can't skip this in general for STARTTLS [[ "$STARTTLS" =~ ldap ]] && return 0 [[ "$STARTTLS" =~ irc ]] && return 0 - debugme echo -n "${FUNCNAME[0]} starting at # of ciphers (excl. 00FF): " - debugme echo "$(tr ' ' '\n' <<< "$test_ciphers" | wc -l)" # Only with TLS 1.2 offered at the server side it is possible to hit this bug, in practise. Thus # we assume if TLS 1.2 is not supported, the server has no cipher size limit bug. It still may, # theoretically, but in a regular check with testssl.sh we won't hit this limit with lower protocols. - # Upon calling this function we may know already whether TLS 1.2 is supported. If not we just - # check for it (and add it to the known protocols to be supported). - # Then we send 127 ciphers, check whether they work, and increase it by one and check again. The - # limit bug should occur @ 128 ciphers. To be sure we test until 129 ciphers. + # Upon calling this function we already know whether TLS 1.2 is supported. If TLS 1.2 is supported, we + # send 129 ciphers (including 00FF) and check whether it works. if [[ 1 -eq $(has_server_protocol 03) ]]; then SERVER_SIZE_LIMIT_BUG=false - elif [[ 0 -eq $(has_server_protocol 03) ]]; then - debugme echo "Sending 127 ciphers" - tls_sockets 03 "${test_ciphers}, 00,FF" - if [[ $? -eq 0 ]]; then - debugme echo "Sending 128 ciphers" - tls_sockets 03 "${test_ciphers}, ${overflow_cipher1}, 00,FF" - if [[ $? -ne 0 ]]; then - SERVER_SIZE_LIMIT_BUG=true + else + if [[ "$DEBUG" -ge 1 ]]; then + nr_ciphers="$(tr ' ' '\n' <<< "${overflow_cipher}, $TLS12_CIPHER" | sed -e '/^$/d' | wc -l)" + if [[ $nr_ciphers -ne 129 ]]; then + prln_warning "FIXME line $LINENO, ${FUNCNAME[0]} sending $nr_ciphers ciphers rather than 129." else - debugme echo "Sending 129 ciphers" - tls_sockets 03 "${test_ciphers}, ${overflow_cipher1}, ${overflow_cipher2}, 00,FF" - if [[ $? -ne 0 ]]; then - SERVER_SIZE_LIMIT_BUG=true - else - SERVER_SIZE_LIMIT_BUG=false - fi + debugme echo "${FUNCNAME[0]} sending $nr_ciphers ciphers" fi - debugme echo -e "\nSERVER_SIZE_LIMIT_BUG: $SERVER_SIZE_LIMIT_BUG" - else - pr_warning "FIXME line $LINENO, TLS 1.2 handshake in ${FUNCNAME[0]} failed" - return 1 fi - elif [[ 2 -eq $(has_server_protocol 03) ]]; then - tls_sockets 03 "${test_ciphers}, 00,FF" + tls_sockets 03 "${overflow_cipher}, ${TLS12_CIPHER}" if [[ $? -eq 0 ]]; then - add_tls_offered tls1_2 yes - tls_sockets 03 "${test_ciphers}, ${overflow_cipher1}, 00,FF" - if [[ $? -ne 0 ]]; then - SERVER_SIZE_LIMIT_BUG=true - else - tls_sockets 03 "${test_ciphers}, ${overflow_cipher1}, ${overflow_cipher2}, 00,FF" - if [[ $? -ne 0 ]]; then - SERVER_SIZE_LIMIT_BUG=true - else - SERVER_SIZE_LIMIT_BUG=false - fi - fi - debugme echo -e "\nSERVER_SIZE_LIMIT_BUG: $SERVER_SIZE_LIMIT_BUG" + SERVER_SIZE_LIMIT_BUG=false else - debugme echo -e "\nNo TLS 1.2 in ${FUNCNAME[0]} found" + SERVER_SIZE_LIMIT_BUG=true fi + debugme echo -e "\nSERVER_SIZE_LIMIT_BUG: $SERVER_SIZE_LIMIT_BUG" fi if "$SERVER_SIZE_LIMIT_BUG"; then out " Pre-test: " From 30b93d4c726c3cd668b3bd9c63f5d51dbae860e2 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 4 Oct 2019 16:55:09 -0400 Subject: [PATCH 2/4] Use determine_optimal_sockets_params() in run_protocols() This PR modifies run_protocols() to use the information collected by determine_optimal_sockets_params(). If it has already been determined that a protocol is supported, then no test is run. run_protocols() will still run a test for a protocol even if it has been determined that the server does not support that protocol. The reason for running the test is to verify that the server handles version negotiation correctly. This could be a TLSv1 server that rejects a TLSv1.2 or TLSv1.3 ClientHello, or it could happen in the opposite direction. At one point there was a server that would respond to an SSLv3 ClientHello with a TLSv1.2 ServerHello. This PR required a couple of changes to determine_optimal_sockets_params() so that additional information could be passed to run_protocols(). If the server supports TLS 1.3, then run_protocols() needs to know which version (RFC 8446, draft 28, draft 27, etc.) rather than just that TLS 1.3 is supported. If the server supports TLS 1.2, but not TLS 1.3, then run_protocols() needs to know about at least one TLS 1.2 cipher that the server supports so that it can form a TLS 1.3 ClientHello that has no more than 128 ciphers and that should result in the server returning a TLS 1.2 ServerHello. --- testssl.sh | 112 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 75 insertions(+), 37 deletions(-) diff --git a/testssl.sh b/testssl.sh index 6300d43..632accf 100755 --- a/testssl.sh +++ b/testssl.sh @@ -285,6 +285,7 @@ NR_SOCKET_FAIL=0 # Counter for socket failures NR_OSSL_FAIL=0 # .. for OpenSSL connects NR_HEADER_FAIL=0 # .. for HTTP_GET PROTOS_OFFERED="" # This keeps which protocol is being offered. See has_server_protocol(). +TLS12_CIPHER_OFFERED="" # This contains the hexcode of a cipher known to be supported by the server with TLS 1.2 CURVES_OFFERED="" # This keeps which curves have been detected. Just for error handling KNOWN_OSSL_PROB=false # We need OpenSSL a few times. This variable is an indicator if we can't connect. Eases handling DETECTED_TLS_VERSION="" # .. as hex string, e.g. 0300 or 0303 @@ -4868,7 +4869,7 @@ run_protocols() { local tls13_ciphers_to_test="" local i drafts_offered="" drafts_offered_str="" supported_versions debug_recomm="" local tls12_detected_version - local -i ret=0 ret_val_tls12=0 ret_val_tls13=0 + local -i ret=0 ret_val_ssl3 ret_val_tls1 ret_val_tls11 ret_val_tls12=0 ret_val_tls13=0 local offers_tls13=false local jsonID="SSLv2" @@ -4962,12 +4963,16 @@ run_protocols() { pr_bold " SSLv3 "; jsonID="SSLv3" - if "$using_sockets"; then + if [[ $(has_server_protocol ssl3) -eq 0 ]]; then + ret_val_ssl3=0 + elif "$using_sockets"; then tls_sockets "00" "$TLS_CIPHER" + ret_val_ssl3=$? else run_prototest_openssl "-ssl3" + ret_val_ssl3=$? fi - case $? in + case $ret_val_ssl3 in 0) prln_svrty_high "offered (NOT ok)" fileout "$jsonID" "HIGH" "offered" latest_supported="0300" @@ -5024,12 +5029,16 @@ run_protocols() { pr_bold " TLS 1 "; jsonID="TLS1" - if "$using_sockets"; then + if [[ $(has_server_protocol tls1) -eq 0 ]]; then + ret_val_tls1=0 + elif "$using_sockets"; then tls_sockets "01" "$TLS_CIPHER" + ret_val_tls1=$? else run_prototest_openssl "-tls1" + ret_val_tls1=$? fi - case $? in + case $ret_val_tls1 in 0) pr_svrty_low "offered" ; outln " (deprecated)" fileout "$jsonID" "LOW" "offered (deprecated)" latest_supported="0301" @@ -5098,12 +5107,16 @@ run_protocols() { pr_bold " TLS 1.1 "; jsonID="TLS1_1" - if "$using_sockets"; then + if [[ $(has_server_protocol tls1_1) -eq 0 ]]; then + ret_val_tls11=0 + elif "$using_sockets"; then tls_sockets "02" "$TLS_CIPHER" + ret_val_tls11=$? else run_prototest_openssl "-tls1_1" + ret_val_tls11=$? fi - case $? in + case $ret_val_tls11 in 0) pr_svrty_low "offered" ; outln " (deprecated)" fileout "$jsonID" "LOW" "offered (deprecated)" latest_supported="0302" @@ -5176,35 +5189,36 @@ run_protocols() { # Now, we are doing a basic/pre test for TLS 1.2 and 1.3 in order not to penalize servers (medium) # running TLS 1.3 only when TLS 1.2 is not offered. 0 and 5 are the return codes for # TLS 1.3 support (kind of, including deprecated pre-versions of TLS 1.3) - if "$using_sockets"; then + if [[ $(has_server_protocol tls1_2) -eq 0 ]]; then + ret_val_tls12=0 + elif "$using_sockets"; then tls_sockets "03" "$TLS12_CIPHER" ret_val_tls12=$? tls12_detected_version="$DETECTED_TLS_VERSION" + else + run_prototest_openssl "-tls1_2" + ret_val_tls12=$? + fi + + if [[ $(has_server_protocol tls1_3) -eq 0 ]]; then + ret_val_tls13=0 + elif "$using_sockets"; then # Need to ensure that at most 128 ciphers are included in ClientHello. - # If the TLSv1.2 test was successful, then use the 5 TLSv1.3 ciphers - # plus the cipher selected in the TLSv1.2 test. If the TLSv1.2 test was - # not successful, then just use the 5 TLSv1.3 ciphers plus the list of - # ciphers used in all of the previous tests ($TLS_CIPHER). - if [[ $ret_val_tls12 -eq 0 ]] || [[ $ret_val_tls12 -eq 2 ]]; then - tls13_ciphers_to_test="$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")" - if [[ "$tls13_ciphers_to_test" == TLS_* ]] || [[ "$tls13_ciphers_to_test" == SSL_* ]]; then - tls13_ciphers_to_test="$(rfc2hexcode "$tls13_ciphers_to_test")" - else - tls13_ciphers_to_test="$(openssl2hexcode "$tls13_ciphers_to_test")" - fi - fi - if [[ ${#tls13_ciphers_to_test} -eq 9 ]]; then - tls13_ciphers_to_test="$TLS13_CIPHER, ${tls13_ciphers_to_test:2:2},${tls13_ciphers_to_test:7:2}, 00,ff" + # If the TLSv1.2 test in determine_optimal_sockets_params() was successful, + # then use the 5 TLSv1.3 ciphers plus the cipher selected in the TLSv1.2 test. + # If the TLSv1.2 test was not successful, then just use the 5 TLSv1.3 ciphers + # plus the list of ciphers used in all of the previous tests ($TLS_CIPHER). + if [[ -n "$TLS12_CIPHER_OFFERED" ]]; then + tls13_ciphers_to_test="$TLS13_CIPHER, $TLS12_CIPHER_OFFERED, 00,ff" else tls13_ciphers_to_test="$TLS13_CIPHER,$TLS_CIPHER" fi tls_sockets "04" "$tls13_ciphers_to_test" + ret_val_tls13=$? else - run_prototest_openssl "-tls1_2" - ret_val_tls12=$? run_prototest_openssl "-tls1_3" + ret_val_tls13=$? fi - ret_val_tls13=$? if [[ $ret_val_tls13 -eq 0 ]] || [[ $ret_val_tls13 -eq 5 ]]; then offers_tls13=true # This variable comes in handy for further if statements below fi @@ -5300,17 +5314,13 @@ run_protocols() { prln_svrty_best "offered (OK)" fileout "$jsonID" "OK" "offered" else - # Determine which version of TLS 1.3 was offered. For drafts 18-21 the - # version appears in the ProtocolVersion field of the ServerHello. For - # drafts 22-28 and the final TLS 1.3 the ProtocolVersion field contains - # 0303 and the actual version appears in the supported_versions extension. - if [[ "${TLS_SERVER_HELLO:8:3}" == 7F1 ]]; then - drafts_offered+=" ${TLS_SERVER_HELLO:8:4} " - elif [[ "$TLS_SERVER_HELLO" =~ 002B00020304 ]]; then + # If TLS 1.3 is offered, then its support was detected + # by determine_optimal_sockets_params(). + if [[ $(has_server_protocol tls1_3_rfc8446) -eq 0 ]]; then drafts_offered+=" 0304 " else for i in 1C 1B 1A 19 18 17 16 15 14 13 12; do - if [[ "$TLS_SERVER_HELLO" =~ 002B00027F$i ]]; then + if [[ $(has_server_protocol tls1_3_draft$(hex2dec "$i")) -eq 0 ]]; then drafts_offered+=" 7F$i " break fi @@ -5457,8 +5467,9 @@ run_protocols() { [[ $? -ne 0 ]] && exit $ERR_CLUELESS fi - if [[ "$PROTOS_OFFERED" =~ tls1_3:yes ]]; then - if [[ ! "${PROTOS_OFFERED//tls1_3:yes /}" =~ yes ]]; then + if [[ "$(has_server_protocol "tls1_3")" -eq 0 ]]; then + if [[ "$(has_server_protocol "tls1_2")" -ne 0 ]] && [[ "$(has_server_protocol "tls1_1")" -ne 0 ]] && + [[ "$(has_server_protocol "tls1")" -ne 0 ]] && [[ "$(has_server_protocol "ssl3")" -ne 0 ]]; then TLS13_ONLY=true if ! "$HAS_TLS13"; then pr_magenta " $NODE:$PORT appears to support TLS 1.3 ONLY. You better use --openssl=" @@ -17804,8 +17815,8 @@ sclient_auth() { # This information can be used by determine_optimal_proto() to help distinguish between a server # that is not TLS/SSL enabled and one that is not compatible with the version of OpenSSL being used. determine_optimal_sockets_params() { - local -i ret1 ret2 - local proto + local -i ret1=1 ret2=1 + local i proto cipher_offered local all_failed=true # If a STARTTLS protocol is specified and $SSL_NATIVE is true, then skip this test, since @@ -17832,6 +17843,24 @@ determine_optimal_sockets_params() { KEY_SHARE_EXTN_NR="33" fi fi + if ! "$all_failed"; then + # Determine which version of TLS 1.3 was offered. For drafts 18-21 the + # version appears in the ProtocolVersion field of the ServerHello. For + # drafts 22-28 and the final TLS 1.3 the ProtocolVersion field contains + # 0303 and the actual version appears in the supported_versions extension. + if [[ "${TLS_SERVER_HELLO:8:3}" == 7F1 ]]; then + add_tls_offered tls1_3_draft$(hex2dec "${TLS_SERVER_HELLO:10:2}") yes + elif [[ "$TLS_SERVER_HELLO" =~ 002B00020304 ]]; then + add_tls_offered tls1_3_rfc8446 yes + else + for i in 1C 1B 1A 19 18 17 16 15 14 13 12; do + if [[ "$TLS_SERVER_HELLO" =~ 002B00027F$i ]]; then + add_tls_offered tls1_3_draft$(hex2dec "$i") yes + break + fi + done + fi + fi # Need to determine which set of ciphers is best to use with # a TLSv1.2 ClientHello since there are far more than 128 ciphers @@ -17873,6 +17902,15 @@ determine_optimal_sockets_params() { all_failed=false fi fi + if [[ $ret1 -eq 0 ]] || [[ $ret2 -eq 0 ]]; then + cipher_offered="$(get_cipher "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")" + if [[ "$cipher_offered" == TLS_* ]] || [[ "$cipher_offered" == SSL_* ]]; then + cipher_offered="$(rfc2hexcode "$cipher_offered")" + else + cipher_offered="$(openssl2hexcode "$cipher_offered")" + fi + [[ ${#cipher_offered} -eq 9 ]] && TLS12_CIPHER_OFFERED="${cipher_offered:2:2},${cipher_offered:7:2}" + fi if "$all_failed"; then # One of the following must be true: From 877d4443001fb0b91dffcb2943abd7f4ffcc686c Mon Sep 17 00:00:00 2001 From: David Cooper Date: Mon, 7 Oct 2019 10:21:04 -0400 Subject: [PATCH 3/4] Warn if bad version negotiation detected There are a few places where testssl.sh sends a TLS 1.2 (or TLS 1.3) ClientHello and expects the server to respond with a ServerHello as long as it supports TLS 1.2 (or TLS 1.3) or earlier. run_protocols() performs a fairly thorough check for a server's ability to handle version negotiation, but the problem may also be caught by determine_optimal_sockets_params(), if the server rejects a TLS 1.2 ClientHello even though it supports some earlier protocol version. In the future, we could try to make use of $OPTIMAL_SOCKETS_PROTO in order to make testssl.sh work a bit better with servers (if any still exist) that don't handle version negotiation correctly. At the moment, though, this PR just prints a warning to the user that the server is buggy, and that this may lead to problems in the scan. It doesn't call fileout() to add anything to the JSON/CSV output, since run_protocols() should already be doing that. --- testssl.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/testssl.sh b/testssl.sh index 6300d43..7a8902b 100755 --- a/testssl.sh +++ b/testssl.sh @@ -17905,6 +17905,9 @@ determine_optimal_sockets_params() { sslv2_sockets [[ $? -eq 3 ]] && all_failed=false && add_tls_offered ssl2 yes fi + if [[ -n "$OPTIMAL_SOCKETS_PROTO" ]]; then + prln_warning " $NODEIP:$PORT doesn't seem to handle version negotiation correctly. This may lead to some false positives and/or false negatives." + fi return 0 } From 23b845c11b0007092b1792903595383f70dc2286 Mon Sep 17 00:00:00 2001 From: Christoph Settgast Date: Wed, 16 Oct 2019 20:36:08 +0200 Subject: [PATCH 4/4] Update Safari to 13.0 and macOS to 10.14 manually wiresharked, now with TLS1.3 for macOS as well. --- etc/client-simulation.txt | 22 ++++++++++++++++++++++ etc/client-simulation.wiresharked.txt | 22 ++++++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/etc/client-simulation.txt b/etc/client-simulation.txt index eea4c6c..fec2110 100644 --- a/etc/client-simulation.txt +++ b/etc/client-simulation.txt @@ -2238,6 +2238,28 @@ maxRsaBits+=(-1) minEcdsaBits+=(-1) requiresSha2+=(false) + current+=(false) + + names+=("Safari 13.0 (macOS 10.14.6)") + short+=("safari_130_osx_10146") + ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA") + ciphersuites+=("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:") + sni+=("$SNI") + warning+=("") + handshakebytes+=("1603010200010001fc030320ed560be50a8d6545d0409dfc0f6fd560d886fc62a514ee9923c642455fb5832084efe206b1c656b3abab810251eb260834abb7b0ec0d30450e50594c3a7f74120034130313011302c02cc02bc024c023c00ac009cca9c030c02fc028c027c014c013cca8009d009c003d003c0035002fc008c012000a0100017fff0100010000000010000e00000b6369706865726c692e737400170000000d0018001604030804040105030203080508050501080606010201000500050100000000337400000012000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e31000b00020100003300260024001d00205465c46a55942e9fe02115c0cc2ab46ee074d4d164222f2ce6510bd91fa18419002d00020101002b0009080304030303020301000a000a0008001d001700180019001500ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + protos+=("-no_ssl3 -no_ssl2") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") + lowest_protocol+=("0x0301") + highest_protocol+=("0x0304") + alpn+=("h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1") + service+=("HTTP") + curves+=("X25519:secp256r1:secp384r1:secp521r1") + minDhBits+=(1024) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + requiresSha2+=(false) current+=(true) names+=("Apple ATS 9 iOS 9") diff --git a/etc/client-simulation.wiresharked.txt b/etc/client-simulation.wiresharked.txt index 3a5c94b..8c342bb 100644 --- a/etc/client-simulation.wiresharked.txt +++ b/etc/client-simulation.wiresharked.txt @@ -330,3 +330,25 @@ minEcdsaBits+=(-1) requiresSha2+=(false) current+=(true) + + names+=("Safari 13.0 (macOS 10.14.6)") + short+=("safari_130_osx_10146") + ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA") + ciphersuites+=("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:") + sni+=("$SNI") + warning+=("") + handshakebytes+=("1603010200010001fc030320ed560be50a8d6545d0409dfc0f6fd560d886fc62a514ee9923c642455fb5832084efe206b1c656b3abab810251eb260834abb7b0ec0d30450e50594c3a7f74120034130313011302c02cc02bc024c023c00ac009cca9c030c02fc028c027c014c013cca8009d009c003d003c0035002fc008c012000a0100017fff0100010000000010000e00000b6369706865726c692e737400170000000d0018001604030804040105030203080508050501080606010201000500050100000000337400000012000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e31000b00020100003300260024001d00205465c46a55942e9fe02115c0cc2ab46ee074d4d164222f2ce6510bd91fa18419002d00020101002b0009080304030303020301000a000a0008001d001700180019001500ac00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000") + protos+=("-no_ssl3 -no_ssl2") + tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1") + lowest_protocol+=("0x0301") + highest_protocol+=("0x0304") + alpn+=("h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1") + service+=("HTTP") + curves+=("X25519:secp256r1:secp384r1:secp521r1") + minDhBits+=(1024) + maxDhBits+=(-1) + minRsaBits+=(-1) + maxRsaBits+=(-1) + minEcdsaBits+=(-1) + requiresSha2+=(false) + current+=(true)