Update TLS12_CIPHER

Update `$TLS12_CIPHER` to contain only 128 ciphers (so that it will work with servers that can't handle larger ClientHello messages), and also add some newer ciphers to `$TLS12_CIPHER`. Also define a `$TLS12_CIPHER_2ND_TRY` containing a list of 127 ciphers that do not appear in `$TLS12_CIPHER`. `$TLS12_CIPHER_2ND_TRY` is used in `run_protocols()` in order to perform a second test against servers that do not establish a TLSv1.2 connection when offered `$TLS12_CIPHER`.
2025-01-01 06:19:44 +01:00 · 2017-07-28 12:14:44 -04:00 · 2017-07-28 12:14:44 -04:00 · 7ccb611d13
commit 7ccb611d13
parent a20d98bbfa
1 changed files with 34 additions and 16 deletions
--- a/etc/tls_data.txt
+++ b/etc/tls_data.txt
@ -1,25 +1,43 @@

 # data we need for socket based handshakes

-# 133 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN
+# 124 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN
 readonly TLS12_CIPHER="
-cc,14, cc,13, cc,15, c0,30, c0,2c, c0,28, c0,24, c0,14,
-c0,0a, c0,22, c0,21, c0,20, 00,a5, 00,a3, 00,a1, 00,9f,
-00,6b, 00,6a, 00,69, 00,68, 00,39, 00,38, 00,37, 00,36, 00,80, 00,81, 00,82, 00,83,
-c0,77, c0,73, 00,c4, 00,c3, 00,c2, 00,c1, 00,88, 00,87,
-00,86, 00,85, c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05,
-c0,79, c0,75, 00,9d, 00,3d, 00,35, 00,c0, 00,84, c0,2f,
-c0,2b, c0,27, c0,23, c0,13, c0,09, c0,1f, c0,1e, c0,1d,
-00,a4, 00,a2, 00,a0, 00,9e, 00,67, 00,40, 00,3f, 00,3e,
-00,33, 00,32, 00,31, 00,30, c0,76, c0,72, 00,be, 00,bd,
+c0,30, c0,2c, c0,28, c0,24, c0,14, c0,0a, 00,9f, 00,6b,
+00,39, 00,9d, 00,3d, 00,35, c0,2f, c0,2b, c0,27, c0,23,
+c0,13, c0,09, 00,9e, 00,67, 00,33, 00,9c, 00,3c, 00,2f,
+cc,a9, cc,a8, cc,aa, cc,14, cc,13, cc,15, 00,a5, 00,a3,
+00,a1, 00,6a, 00,69, 00,68, 00,38, 00,37, 00,36, c0,77,
+c0,73, 00,c4, 00,c3, 00,c2, 00,c1, 00,88, 00,87, 00,86,
+00,85, c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05, c0,79,
+c0,75, 00,c0, 00,84, 00,a4, 00,a2, 00,a0, 00,40, 00,3f,
+00,3e, 00,32, 00,31, 00,30, c0,76, c0,72, 00,be, 00,bd,
 00,bc, 00,bb, 00,9a, 00,99, 00,98, 00,97, 00,45, 00,44,
 00,43, 00,42, c0,31, c0,2d, c0,29, c0,25, c0,0e, c0,04,
-c0,78, c0,74, 00,9c, 00,3c, 00,2f, 00,ba, 00,96, 00,41,
-00,07, c0,11, c0,07, 00,66, c0,0c, c0,02, 00,05, 00,04,
-c0,12, c0,08, c0,1c, c0,1b, c0,1a, 00,16, 00,13, 00,10,
-00,0d, c0,0d, c0,03, 00,0a, 00,63, 00,15, 00,12, 00,0f,
-00,0c, 00,62, 00,09, 00,65, 00,64, 00,14, 00,11, 00,0e,
-00,0b, 00,08, 00,06, 00,03, 00,ff"
+c0,78, c0,74, 00,ba, 00,96, 00,41, 00,07, c0,11, c0,07,
+00,66, c0,0c, c0,02, 00,05, 00,04, c0,12, c0,08, 00,16,
+00,13, 00,10, 00,0d, c0,0d, c0,03, 00,0a, 00,80, 00,81,
+00,82, 00,83, 00,63, 00,15, 00,12, 00,0f, 00,0c, 00,62,
+00,09, 00,65, 00,64, 00,14, 00,11, 00,08, 00,03, 00,ff"
+
+# 127 less common ciphers for TLS 1.2 and SPDY/NPN HTTP2/ALPN
+readonly TLS12_CIPHER_2ND_TRY="
+c0,22, c0,21, c0,20, 00,b7, 00,b3, 00,91, c0,9b, c0,99,
+c0,97, 00,af, c0,95, c0,af, c0,ad, c0,a3, c0,9f, c0,19,
+00,a7, 00,6d, 00,3a, 00,c5, 00,89, 00,ad, 00,ab, cc,ae,
+cc,ad, cc,ac, c0,ab, c0,a7, c0,a1, c0,9d, 00,a9, cc,ab,
+c0,a9, c0,a5, c0,38, c0,36, 00,95, 00,8d, ff,00, ff,01,
+ff,02, ff,03, ff,85, c0,1f, c0,1e, c0,1d, c0,ae, c0,ac,
+c0,a2, c0,9e, 00,ac, 00,aa, c0,aa, c0,a6, c0,a0, c0,9c,
+00,a8, c0,a8, c0,a4, c0,18, 00,a6, 00,6c, 00,34, 00,bf,
+00,9b, 00,46, c0,37, c0,35, 00,b6, 00,b2, 00,90, c0,9a,
+c0,98, c0,96, 00,ae, c0,94, 00,94, 00,8c, 00,21, 00,25,
+c0,16, 00,18, 00,92, 00,8a, 00,20, 00,24, c0,33, 00,8e,
+c0,1c, c0,1b, c0,1a, c0,17, 00,1b, 00,93, 00,8b, 00,1f,
+00,23, c0,34, 00,8f, 00,1a, 00,61, 00,60, 00,19, 00,06,
+00,0b, 00,0e, 00,17, c0,10, c0,06, c0,15, c0,0b, c0,01,
+c0,3b, c0,3a, c0,39, 00,b9, 00,b8, 00,b5, 00,b4, 00,2e,
+00,2d, 00,b1, 00,b0, 00,2c, 00,3b, 00,02, 00,01, 00,ff"

 # 76 standard cipher + 4x GOST for SSLv3, TLS 1, TLS 1.1
 readonly TLS_CIPHER="