From 7ccb611d135cb8e60bfab70ff4155f34c7c0bc46 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Fri, 28 Jul 2017 12:14:44 -0400 Subject: [PATCH] Update TLS12_CIPHER Update `$TLS12_CIPHER` to contain only 128 ciphers (so that it will work with servers that can't handle larger ClientHello messages), and also add some newer ciphers to `$TLS12_CIPHER`. Also define a `$TLS12_CIPHER_2ND_TRY` containing a list of 127 ciphers that do not appear in `$TLS12_CIPHER`. `$TLS12_CIPHER_2ND_TRY` is used in `run_protocols()` in order to perform a second test against servers that do not establish a TLSv1.2 connection when offered `$TLS12_CIPHER`. --- etc/tls_data.txt | 50 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 16 deletions(-) diff --git a/etc/tls_data.txt b/etc/tls_data.txt index 1ee1eda..d82760f 100755 --- a/etc/tls_data.txt +++ b/etc/tls_data.txt @@ -1,25 +1,43 @@ # data we need for socket based handshakes -# 133 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN +# 124 standard cipher + 4x GOST for TLS 1.2 and SPDY/NPN HTTP2/ALPN readonly TLS12_CIPHER=" -cc,14, cc,13, cc,15, c0,30, c0,2c, c0,28, c0,24, c0,14, -c0,0a, c0,22, c0,21, c0,20, 00,a5, 00,a3, 00,a1, 00,9f, -00,6b, 00,6a, 00,69, 00,68, 00,39, 00,38, 00,37, 00,36, 00,80, 00,81, 00,82, 00,83, -c0,77, c0,73, 00,c4, 00,c3, 00,c2, 00,c1, 00,88, 00,87, -00,86, 00,85, c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05, -c0,79, c0,75, 00,9d, 00,3d, 00,35, 00,c0, 00,84, c0,2f, -c0,2b, c0,27, c0,23, c0,13, c0,09, c0,1f, c0,1e, c0,1d, -00,a4, 00,a2, 00,a0, 00,9e, 00,67, 00,40, 00,3f, 00,3e, -00,33, 00,32, 00,31, 00,30, c0,76, c0,72, 00,be, 00,bd, +c0,30, c0,2c, c0,28, c0,24, c0,14, c0,0a, 00,9f, 00,6b, +00,39, 00,9d, 00,3d, 00,35, c0,2f, c0,2b, c0,27, c0,23, +c0,13, c0,09, 00,9e, 00,67, 00,33, 00,9c, 00,3c, 00,2f, +cc,a9, cc,a8, cc,aa, cc,14, cc,13, cc,15, 00,a5, 00,a3, +00,a1, 00,6a, 00,69, 00,68, 00,38, 00,37, 00,36, c0,77, +c0,73, 00,c4, 00,c3, 00,c2, 00,c1, 00,88, 00,87, 00,86, +00,85, c0,32, c0,2e, c0,2a, c0,26, c0,0f, c0,05, c0,79, +c0,75, 00,c0, 00,84, 00,a4, 00,a2, 00,a0, 00,40, 00,3f, +00,3e, 00,32, 00,31, 00,30, c0,76, c0,72, 00,be, 00,bd, 00,bc, 00,bb, 00,9a, 00,99, 00,98, 00,97, 00,45, 00,44, 00,43, 00,42, c0,31, c0,2d, c0,29, c0,25, c0,0e, c0,04, -c0,78, c0,74, 00,9c, 00,3c, 00,2f, 00,ba, 00,96, 00,41, -00,07, c0,11, c0,07, 00,66, c0,0c, c0,02, 00,05, 00,04, -c0,12, c0,08, c0,1c, c0,1b, c0,1a, 00,16, 00,13, 00,10, -00,0d, c0,0d, c0,03, 00,0a, 00,63, 00,15, 00,12, 00,0f, -00,0c, 00,62, 00,09, 00,65, 00,64, 00,14, 00,11, 00,0e, -00,0b, 00,08, 00,06, 00,03, 00,ff" +c0,78, c0,74, 00,ba, 00,96, 00,41, 00,07, c0,11, c0,07, +00,66, c0,0c, c0,02, 00,05, 00,04, c0,12, c0,08, 00,16, +00,13, 00,10, 00,0d, c0,0d, c0,03, 00,0a, 00,80, 00,81, +00,82, 00,83, 00,63, 00,15, 00,12, 00,0f, 00,0c, 00,62, +00,09, 00,65, 00,64, 00,14, 00,11, 00,08, 00,03, 00,ff" + +# 127 less common ciphers for TLS 1.2 and SPDY/NPN HTTP2/ALPN +readonly TLS12_CIPHER_2ND_TRY=" +c0,22, c0,21, c0,20, 00,b7, 00,b3, 00,91, c0,9b, c0,99, +c0,97, 00,af, c0,95, c0,af, c0,ad, c0,a3, c0,9f, c0,19, +00,a7, 00,6d, 00,3a, 00,c5, 00,89, 00,ad, 00,ab, cc,ae, +cc,ad, cc,ac, c0,ab, c0,a7, c0,a1, c0,9d, 00,a9, cc,ab, +c0,a9, c0,a5, c0,38, c0,36, 00,95, 00,8d, ff,00, ff,01, +ff,02, ff,03, ff,85, c0,1f, c0,1e, c0,1d, c0,ae, c0,ac, +c0,a2, c0,9e, 00,ac, 00,aa, c0,aa, c0,a6, c0,a0, c0,9c, +00,a8, c0,a8, c0,a4, c0,18, 00,a6, 00,6c, 00,34, 00,bf, +00,9b, 00,46, c0,37, c0,35, 00,b6, 00,b2, 00,90, c0,9a, +c0,98, c0,96, 00,ae, c0,94, 00,94, 00,8c, 00,21, 00,25, +c0,16, 00,18, 00,92, 00,8a, 00,20, 00,24, c0,33, 00,8e, +c0,1c, c0,1b, c0,1a, c0,17, 00,1b, 00,93, 00,8b, 00,1f, +00,23, c0,34, 00,8f, 00,1a, 00,61, 00,60, 00,19, 00,06, +00,0b, 00,0e, 00,17, c0,10, c0,06, c0,15, c0,0b, c0,01, +c0,3b, c0,3a, c0,39, 00,b9, 00,b8, 00,b5, 00,b4, 00,2e, +00,2d, 00,b1, 00,b0, 00,2c, 00,3b, 00,02, 00,01, 00,ff" # 76 standard cipher + 4x GOST for SSLv3, TLS 1, TLS 1.1 readonly TLS_CIPHER="