Merge branch 'more_client_sim' of github.com:drwetter/testssl.sh into more_client_sim
This commit is contained in:
commit
80c10f5bb3
|
@ -32,7 +32,6 @@ If you want to test against e.g. a company internal CA you want to avoid warning
|
||||||
|
|
||||||
* ``common-primes.txt`` is used for LOGJAM and the PFS section
|
* ``common-primes.txt`` is used for LOGJAM and the PFS section
|
||||||
|
|
||||||
* ``client-simulation.txt`` as the name indicates it's the data for the client simulation. Use
|
* ``client-simulation.txt`` / ``client-simulation.wiresharked.txt`` are as the names indicate data for the client simulation.
|
||||||
``~/utils/update_client_sim_data.pl`` for an update. Note: This list has been manually
|
The first one is derived from ``~/utils/update_client_sim_data.pl``, and manually edited to sort and label those we don't want.
|
||||||
edited to sort it and weed it out. In addition the file named ``client-simulation.wiresharked.txt``
|
The second file provides more client data retrieved from wireshark captures and some instructions how to do that yourself.
|
||||||
provides more client data and some instructions how to generate it yourself
|
|
||||||
|
|
|
@ -751,7 +751,7 @@
|
||||||
warning+=("")
|
warning+=("")
|
||||||
handshakebytes+=("1603010200010001fc0303a4ae4c9839623356a42a2a977373dcefc5920611a46c549eca42959de9e2dab220d6c3276206e9c756685d96687302864815ed0e8496472898e86b30b694ee994300229a9a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001913a3a0000ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d00140012040308040401050308050501080606010201000500050100000000001200000010000e000c02683208687474702f312e3175500000000b000201000033002b00291a1a000100001d00205672b32aa464a7b8513f37108290ab0dd39e317d2b0db8fe0d77c147b324fe29002d00020101002b000b0a0a0a0304030303020301000a000a00081a1a001d00170018001b00030200022a2a000100001500c50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
handshakebytes+=("1603010200010001fc0303a4ae4c9839623356a42a2a977373dcefc5920611a46c549eca42959de9e2dab220d6c3276206e9c756685d96687302864815ed0e8496472898e86b30b694ee994300229a9a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001913a3a0000ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d00140012040308040401050308050501080606010201000500050100000000001200000010000e000c02683208687474702f312e3175500000000b000201000033002b00291a1a000100001d00205672b32aa464a7b8513f37108290ab0dd39e317d2b0db8fe0d77c147b324fe29002d00020101002b000b0a0a0a0304030303020301000a000a00081a1a001d00170018001b00030200022a2a000100001500c50000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||||
protos+=("-no_ssl3 -no_ssl2")
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
lowest_protocol+=("0x0301")
|
lowest_protocol+=("0x0301")
|
||||||
highest_protocol+=("0x0304")
|
highest_protocol+=("0x0304")
|
||||||
service+=("HTTP,FTP")
|
service+=("HTTP,FTP")
|
||||||
|
@ -762,6 +762,28 @@
|
||||||
minEcdsaBits+=(-1)
|
minEcdsaBits+=(-1)
|
||||||
curves+=("X25519:prime256v1:secp384r1")
|
curves+=("X25519:prime256v1:secp384r1")
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("Chrome 73 (Win 10)")
|
||||||
|
short+=("chrome_73_win10")
|
||||||
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010200010001fc0303a719e434922565bbd59fe0dfec21b7f5c8549fdf52566af99cce87ecb276992b20bbf979b5fbe4ebd1412e55ffe6b811e561d3f04ce451fc229d329babda4de91d00227a7a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001914a4a000000000012001000000d7777772e676f6f676c652e646500170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00205c2f12fabe8b2ff843aa9f347816b7d3a8b8c051f0830f4bbf13d44b5ec37c2b002d00020101002b000b0aeaea0304030303020301001b0003020002eaea000100001500cb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||||
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0304")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1")
|
||||||
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
names+=("Firefox 10.0.12 ESR Win 7")
|
names+=("Firefox 10.0.12 ESR Win 7")
|
||||||
|
@ -1350,7 +1372,7 @@
|
||||||
minEcdsaBits+=(-1)
|
minEcdsaBits+=(-1)
|
||||||
curves+=("X25519:prime256v1:secp384r1:secp521r1")
|
curves+=("X25519:prime256v1:secp384r1:secp521r1")
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(false)
|
||||||
|
|
||||||
names+=("Firefox 62 Win 7")
|
names+=("Firefox 62 Win 7")
|
||||||
short+=("firefox_62_win7")
|
short+=("firefox_62_win7")
|
||||||
|
@ -1373,7 +1395,7 @@
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
names+=("Firefox 66 (Win 8.1)")
|
names+=("Firefox 66 (Win 8.1/10)")
|
||||||
short+=("firefox_66_win81")
|
short+=("firefox_66_win81")
|
||||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||||
|
@ -1708,7 +1730,7 @@
|
||||||
minEcdsaBits+=(-1)
|
minEcdsaBits+=(-1)
|
||||||
curves+=("prime256v1:secp384r1")
|
curves+=("prime256v1:secp384r1")
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(false)
|
||||||
|
|
||||||
names+=("Edge 13 Win Phone 10")
|
names+=("Edge 13 Win Phone 10")
|
||||||
short+=("edge_13_winphone10")
|
short+=("edge_13_winphone10")
|
||||||
|
@ -1729,7 +1751,7 @@
|
||||||
minEcdsaBits+=(-1)
|
minEcdsaBits+=(-1)
|
||||||
curves+=("prime256v1:secp384r1")
|
curves+=("prime256v1:secp384r1")
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(false)
|
||||||
|
|
||||||
names+=("Edge 15 Win 10")
|
names+=("Edge 15 Win 10")
|
||||||
short+=("edge_15_win10")
|
short+=("edge_15_win10")
|
||||||
|
@ -1752,6 +1774,28 @@
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Edge 17 (Win 10)")
|
||||||
|
short+=("edge_17_win10")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160303018d0100018903035cbeb3c560acfb3dfe583ba45f51f5e2e36f99dfe5e22f1a230724dfaf5ddbde000026c02cc02bc030c02fc024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0100013a0000001a0018000015737570706f72742e6d6963726f736f66742e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603002300c000000f032566a8435c845ce7de67f2f4fd6c75ed3206c9448a513d4b4f8cd2fedb5f7d1eb4573ce68756fdad198bd3e4eadfd4db2d7794cc69198366edcb9b9ff5803a58718c1de4d6dffeb4354cd48f5dba6de719cebb27d544f6b2f4427e4e5d46f564d3098134d9b69a4e83e233f5dfea099733f75022dba07665d7c35dd09742082a06f080871caaa6a7770ebc9e2c792eb88c44d0d56ae6ba068a189b674491cee28155148c86d53071e170ab354e0fd0e390b9ddda0886b9fa8c70ee1a0010000e000c02683208687474702f312e310017000000180006001003020100ff01000100")
|
||||||
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
names+=("Opera 12.15 Win 7")
|
names+=("Opera 12.15 Win 7")
|
||||||
short+=("opera_1215_win7")
|
short+=("opera_1215_win7")
|
||||||
ciphers+=("DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-DSS-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
ciphers+=("DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-DSS-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||||
|
@ -1836,6 +1880,28 @@
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(false)
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("Opera 60 (Win 10)")
|
||||||
|
short+=("opera_60_win10")
|
||||||
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010200010001fc03033503bae63f0cf8ef9d0a55623327a28e3c3525a2ce28153242e132279d3940e3206a440f32e7a8488b012b12d4b7d1b2b1764c784a944662a7f305e90f7d15168500228a8a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a01000191eaea000000000012001000000d7777772e6f706572612e636f6d00170000ff01000100000a000a0008caca001d00170018000b00020100002300c07505f51cc349fe3f9e022858dcd1eb12ca07a302fd9f43a4cbffec031296e77b07122bb9532dd112770b686a4898e20462c514c5fb043dc325a5453753c499774bfab673024a86543064c33d40b67b2e4e9dfa177305e8cdc39f3d8afe0fe7c80406a9e07ea836dd8a46ab7ef9aa5dc66301a346585f7ff26615a28cbea2544d4ba8101be6f528b4bba3a5ce9a6683537b29cd16d4c5015de6f9a93d3c132389e56ff20853d952f6ee06b46ca89dc52b67583fbb0fb61e2b78c03ef97892c6a90010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029caca000100001d00204aeb26ec670ce59e094a8b97c281186b4e87706df48667a24193e268a069cd54002d00020101002b000b0a3a3a0304030303020301001b00030200027a7a0001000015000b0000000000000000000000")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0304")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
names+=("Safari 5.1.9 OS X 10.6.8")
|
names+=("Safari 5.1.9 OS X 10.6.8")
|
||||||
short+=("safari_519_osx1068")
|
short+=("safari_519_osx1068")
|
||||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
@ -2426,6 +2492,28 @@
|
||||||
requiresSha2+=(true)
|
requiresSha2+=(true)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Thunderbird (60.6)")
|
||||||
|
short+=("thunderbird_60_6_1")
|
||||||
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010200010001fc03039f5f6a4903cf739091fca37e8f43e6d173ffeb64905977b2dede05e061f3a24c20f958c20b0edd50e0716d108e1d6046178a8974d868c138eac8a6ab8becdf81cd001c130113031302c02bc02fcca9cca8c02cc030c013c014002f0035000a0100019700000013001100000e696d61702e676d61696c2e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000005000501000000000033006b0069001d00200ff08104aea54116caac222c2b7661e05d852847fcfd6860a0ec2f09804bd5330017004104d7afd4ac669de5312ff866d84381723c1d5ff549d409658f9300644d76e33b5c953499a89bdb1fc8930587645bf3452a47fbe6e3f00a59e232c39c269791d871002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c00024001001500aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||||
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0304")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,SMTP,POP,IMAP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
names+=("Baidu Jan 2015")
|
names+=("Baidu Jan 2015")
|
||||||
short+=("baidu_jan_2015")
|
short+=("baidu_jan_2015")
|
||||||
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-MD5:RC4-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-MD5:RC4-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||||
|
|
|
@ -6,14 +6,14 @@
|
||||||
# Instructions how to add a client simulation:
|
# Instructions how to add a client simulation:
|
||||||
# * Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute.
|
# * Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute.
|
||||||
# * Make sure you create a bit of encrypted traffic to a target of your choice 1) .
|
# * Make sure you create a bit of encrypted traffic to a target of your choice 1) .
|
||||||
# * Make sure the client traffic is specific: For just "Android" do not use a browser.
|
# * Make sure the client traffic is specific: For just "Android" do not use a browser!
|
||||||
# * Stop the recording.
|
# * Stop the recording.
|
||||||
# * If needed sort for ClientHello.
|
# * If needed sort for ClientHello.
|
||||||
# * Look for the ClientHello which matches the source IP + destination IP you had in mind.
|
# * Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.
|
||||||
# * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
|
# * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
|
||||||
# * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
|
# * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
|
||||||
# * Adjust "lowest_protocol" and "highest_protocol" accordingly.
|
# * Adjust "lowest_protocol" and "highest_protocol" accordingly.
|
||||||
# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit GREASE.
|
# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE.
|
||||||
# * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
|
# * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
|
||||||
# * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
|
# * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
|
||||||
# * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
|
# * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
# * Before submitting a PR: test it yourself! You can also watch it again via wireshark
|
# * Before submitting a PR: test it yourself! You can also watch it again via wireshark
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
# 1) Attention: if you want to contribute it contains the target hostname (SNI)
|
# 1) Attention, privacy: if you want to contribute it contains the target hostname (SNI)
|
||||||
|
|
||||||
|
|
||||||
names+=("Android 8.1 (native)")
|
names+=("Android 8.1 (native)")
|
||||||
|
@ -70,8 +70,52 @@
|
||||||
requiresSha2+=(true)
|
requiresSha2+=(true)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
names+=("Firefox 66 (Win 8.1)")
|
names+=("Edge 17 Win 10")
|
||||||
short+=("firefox_66_win81")
|
short+=("edge_17_win10")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160303018d0100018903035cbeb3c560acfb3dfe583ba45f51f5e2e36f99dfe5e22f1a230724dfaf5ddbde000026c02cc02bc030c02fc024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0100013a0000001a0018000015737570706f72742e6d6963726f736f66742e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603002300c000000f032566a8435c845ce7de67f2f4fd6c75ed3206c9448a513d4b4f8cd2fedb5f7d1eb4573ce68756fdad198bd3e4eadfd4db2d7794cc69198366edcb9b9ff5803a58718c1de4d6dffeb4354cd48f5dba6de719cebb27d544f6b2f4427e4e5d46f564d3098134d9b69a4e83e233f5dfea099733f75022dba07665d7c35dd09742082a06f080871caaa6a7770ebc9e2c792eb88c44d0d56ae6ba068a189b674491cee28155148c86d53071e170ab354e0fd0e390b9ddda0886b9fa8c70ee1a0010000e000c02683208687474702f312e310017000000180006001003020100ff01000100")
|
||||||
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
|
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Chrome 73 (Win 10)")
|
||||||
|
short+=("chrome_73_win10")
|
||||||
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010200010001fc0303a719e434922565bbd59fe0dfec21b7f5c8549fdf52566af99cce87ecb276992b20bbf979b5fbe4ebd1412e55ffe6b811e561d3f04ce451fc229d329babda4de91d00227a7a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001914a4a000000000012001000000d7777772e676f6f676c652e646500170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00205c2f12fabe8b2ff843aa9f347816b7d3a8b8c051f0830f4bbf13d44b5ec37c2b002d00020101002b000b0aeaea0304030303020301001b0003020002eaea000100001500cb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||||
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0304")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Firefox 66 (Win 8.1/10)")
|
||||||
|
short+=("firefox_66_win")
|
||||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||||
sni+=("$SNI")
|
sni+=("$SNI")
|
||||||
|
@ -92,6 +136,28 @@
|
||||||
requiresSha2+=(false)
|
requiresSha2+=(false)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Opera 60 (Win 10)")
|
||||||
|
short+=("opera_60_win10")
|
||||||
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010200010001fc03033503bae63f0cf8ef9d0a55623327a28e3c3525a2ce28153242e132279d3940e3206a440f32e7a8488b012b12d4b7d1b2b1764c784a944662a7f305e90f7d15168500228a8a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a01000191eaea000000000012001000000d7777772e6f706572612e636f6d00170000ff01000100000a000a0008caca001d00170018000b00020100002300c07505f51cc349fe3f9e022858dcd1eb12ca07a302fd9f43a4cbffec031296e77b07122bb9532dd112770b686a4898e20462c514c5fb043dc325a5453753c499774bfab673024a86543064c33d40b67b2e4e9dfa177305e8cdc39f3d8afe0fe7c80406a9e07ea836dd8a46ab7ef9aa5dc66301a346585f7ff26615a28cbea2544d4ba8101be6f528b4bba3a5ce9a6683537b29cd16d4c5015de6f9a93d3c132389e56ff20853d952f6ee06b46ca89dc52b67583fbb0fb61e2b78c03ef97892c6a90010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029caca000100001d00204aeb26ec670ce59e094a8b97c281186b4e87706df48667a24193e268a069cd54002d00020101002b000b0a3a3a0304030303020301001b00030200027a7a0001000015000b0000000000000000000000")
|
||||||
|
protos+=("-no_ssl2")
|
||||||
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0304")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
names+=("OpenSSL 1.1.0j (Debian)")
|
names+=("OpenSSL 1.1.0j (Debian)")
|
||||||
short+=("openssl_110j")
|
short+=("openssl_110j")
|
||||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
||||||
|
@ -136,3 +202,26 @@
|
||||||
requiresSha2+=(true)
|
requiresSha2+=(true)
|
||||||
current+=(true)
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Thunderbird (60.6)")
|
||||||
|
short+=("thunderbird_60_6_1")
|
||||||
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010200010001fc03039f5f6a4903cf739091fca37e8f43e6d173ffeb64905977b2dede05e061f3a24c20f958c20b0edd50e0716d108e1d6046178a8974d868c138eac8a6ab8becdf81cd001c130113031302c02bc02fcca9cca8c02cc030c013c014002f0035000a0100019700000013001100000e696d61702e676d61696c2e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000005000501000000000033006b0069001d00200ff08104aea54116caac222c2b7661e05d852847fcfd6860a0ec2f09804bd5330017004104d7afd4ac669de5312ff866d84381723c1d5ff549d409658f9300644d76e33b5c953499a89bdb1fc8930587645bf3452a47fbe6e3f00a59e232c39c269791d871002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c00024001001500aa0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||||
|
protos+=("-no_ssl3 -no_ssl2")
|
||||||
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0304")
|
||||||
|
alpn+=("h2,http/1.1")
|
||||||
|
service+=("HTTP,SMTP,POP,IMAP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue