mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-29 04:49:44 +01:00
Merge pull request #1438 from drwetter/update_clienthandshakes
Update clienthandshakes
This commit is contained in:
Dirk Wetter
GitHub
commit
86afeabf8f
@ -741,7 +741,7 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:prime256v1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
current+=(false)
|
||||
|
||||
names+=("Chrome 70 Win 10")
|
||||
short+=("chrome_70_win10")
|
||||
@ -776,7 +776,7 @@
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -798,7 +798,51 @@
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Chrome 78 (Win 10)")
|
||||
short+=("chrome_78_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc030332e6eabb5d4b9818074f79423b0a9cde127a309671fcf0d0420bdb68f98bbc9320085a3e18e8e5cf4060c1e7065523d344f09186ffb835c10095df30b1611bc49a0022eaea130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001912a2a000000000014001200000f73736c2e677374617469632e636f6d00170000ff01000100000a000a0008eaea001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029eaea000100001d0020e0a5bb30a2a14bc13685b4a19ba59628aad22b761dceb63a9dcfa10475f84260002d00020101002b000b0a0a0a0304030303020301001b00030200025a5a000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Chrome 79 (Win 10)")
|
||||
short+=("chrome_79_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc03032f8eea63ff25d05264565777081b6d1a326e12f37751c33c7e953973af65b2ab20a62f96b75b1c41454679b64cd32fb0fbbf99ff019501d92184d589a529c21c590022caca130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001917a7a000000000014001200000f73736c2e677374617469632e636f6d00170000ff01000100000a000a0008eaea001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029eaea000100001d0020465dfa0295bf9cd3578d2f23bbfdf58d6468c5dd0c071f0b7c6bb92fc507685b002d00020101002b000b0ababa0304030303020301001b00030200029a9a000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -819,7 +863,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -840,7 +884,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -861,7 +905,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -882,7 +926,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -903,7 +947,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -924,7 +968,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -945,7 +989,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -966,7 +1010,7 @@
|
||||
tlsvers+=("-tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0301")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -987,7 +1031,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1008,7 +1052,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1029,7 +1073,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1050,7 +1094,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1071,7 +1115,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1092,7 +1136,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1113,7 +1157,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1134,7 +1178,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1155,7 +1199,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1176,7 +1220,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1197,7 +1241,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1218,7 +1262,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1239,7 +1283,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1260,7 +1304,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1281,7 +1325,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1302,7 +1346,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1323,7 +1367,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1344,7 +1388,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1365,7 +1409,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1386,7 +1430,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1407,7 +1451,7 @@
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1415,7 +1459,7 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:prime256v1:secp384r1:secp521r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
current+=(false)
|
||||
|
||||
names+=("Firefox 66 (Win 8.1/10)")
|
||||
short+=("firefox_66_win81")
|
||||
@ -1429,7 +1473,29 @@
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Firefox 71 (Win 10)")
|
||||
short+=("firefox_71_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030102580100025403036d4532515bff048c5c74cb0d39518c9c02e2dfd4d8ecae6591ee67d29ea62eab20c70c3e8feae9ed79d54914215aab37d3d5b7966a422edc41d2c027f9973d6b160024130113031302c02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a010001e700000014001200000f7777772e6d6f7a696c6c612e6f726700170000ff01000100000a000e000c001d00170018001901000101000b000201000010000e000c02683208687474702f312e310005000501000000000033006b0069001d002005dcfe2c42419119e518fb087071ba68445b825e4f4dd9ddb8679c3011d3e75800170041046bd8e6b1818d3985e55a8514d3ec5091945df5eb48136c3a9f67bb6d6665758ef088520626748d59bba63786c0164b948013e0f8eee0ba425d643b7c5d4bfa8f002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c00024001002900eb00c600c0995b148219e66aca5e58a74de1551ae6c76897f50fc853147cf22db9a937361496395112ab0382a942c95fbd48b787d031ae89a8f23f9b7a56c2a0ed5158e919d2491c003ab7d1ca1944b7e5d068d4e6a0c83d9096e9cb76ad2ac081075551cf4bdbfff1194a71c54bf8f88cbe7c246c728155e92f94015e4c5140ce84087c842033ea00fa92f5bd5b601f9650aee0eb0d000175e447945fd28e1df361c5cce443351fd0f7f13cb6cab2e2cc8c3951eb4367dc5004415ab6c3cf0adbca1e3be4f149f74100212008a1f3195cd13d7b4386acd47cdfae0afad06cf8d245744e815ec6989e3cdd6c")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -1922,6 +1988,50 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Opera 65 (Win 10)")
|
||||
short+=("opera_65_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc03039eee8c108ed7b040285658cddb0022e7e1f17bc92084335edf8ad5404fbf424a203bedd34c83b59c3e302af681b449490895335de0d8a0f10d20a0ff610130229b00224a4a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001912a2a000000000014001200000f626c6f67732e6f706572612e636f6d00170000ff01000100000a000a00081a1a001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b00291a1a000100001d0020cc29a9f8b3a69149c38b29ccb7341b98efd1714c3887fc1e84512470f783921a002d00020101002b000b0adada0304030303020301001b0003020002dada000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Opera 66 (Win 10)")
|
||||
short+=("opera_66_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc0303a7ab90aa0987b33da751017bb78958f51bc1aa76e116c21eb4bb0b51a9f88f77203658175a55b25ab41867568b52e8fb8eaf4c8e91ceccf30ae498879e468579b100222a2a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001911a1a000000000014001200000f626c6f67732e6f706572612e636f6d00170000ff01000100000a000a00087a7a001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b00297a7a000100001d0020488d0d07b77098f98cb97ee85ae88b358404a8004633896e5110966ab3c18f66002d00020101002b000b0ababa0304030303020301001b00030200023a3a000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 5.1.9 OS X 10.6.8")
|
||||
@ -2554,7 +2664,7 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1:sect239k1:sect233k1:sect233r1:secp224k1:secp224r1:sect193r1:sect193r2:secp192k1:prime192v1:sect163k1:sect163r1:sect163r2:secp160k1:secp160r1:secp160r2")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
current+=(false)
|
||||
|
||||
names+=("OpenSSL 1.0.2e")
|
||||
short+=("openssl_102e")
|
||||
@ -2586,7 +2696,29 @@
|
||||
handshakebytes+=("16030100c2010000be03036468410c4ae36f78a4357ad19fa61353e46aed101eff4e0c9f77ec654dc12eb4000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100005d00000013001100000e7465737473736c2e73683a343433000b000403000102000a000a0008001d001700190018002300000016000000170000000d0020001e060106020603050105020503040104020403030103020303020102020203")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp521r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("OpenSSL 1.1.0l (Debian)")
|
||||
short+=("openssl_110l")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
||||
ciphersuites+=("")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100bf010000bb030350a1cc6c1ae6c9726ce0a025f4d2c522e6b503d5ccd2d1740bd1bb2e7af108d5000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100005a00000010000e00000b7465737473736c2e6e6574000b000403000102000a000a0008001d001700190018002300000016000000170000000d0020001e060106020603050105020503040104020403030103020303020102020203")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
@ -2608,7 +2740,29 @@
|
||||
handshakebytes+=("160301012d010001290303ac67ab7c72eea2e0f68615f02c9e566ed4a3bb0022c2ca1db7615acfb9dedd0120415470391af467e708e8983b134defcb4f4855e774606ae8223265af0fbb802a003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff010000a200000013001100000e7465737473736c2e73683a343433000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020b4556edddf807eb6b6bbcd61e25775a3992dd6f5caeee76d37f8895436efc972")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:x448:secp521r1:secp384r1")
|
||||
requiresSha2+=(true)
|
||||
current+=(false)
|
||||
|
||||
names+=("OpenSSL 1.1.1d (Debian)")
|
||||
short+=("openssl_111d")
|
||||
ciphers+=("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
||||
ciphersuites+=("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030101290100012503036f18cf85cf24e3676f0e79a3503aa9feefc961e3baed7b00fd876a2c6d2395b3205f4fb8769aa1e5279b848b3f35bec3d7aa9966595d22ebcd35e72f79b9d9fcc9003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100009e0000000f000d00000a7465737473736c2e7368000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020a12c2f7e04adcb76ce5eb8b05cf631e7cdf46f5e28cbe86a676d704098507b40")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
@ -2641,6 +2795,28 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Thunderbird (68.3)")
|
||||
short+=("thunderbird_68_3_1")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc030342ffc6c8b96ea60586a63fe7d97ec8d5c962b55ccfe02177cd94c8ea42f7333e209c9b6129e250f6fb8127664d26a46c410a6c217d4c2c4dc49125edd7191043810024130113031302c02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a0100018f00000013001100000e696d61702e676d61696c2e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000005000501000000000033006b0069001d0020fb48d75e98e9e9c7a7aa32106b8856384f9af1e50f9bd45f2ae3dc349858741b00170041047138476a2fbfd6dc6fa4b351b99248abc20bf27ccb962445161036ec3df7bf7566e048374b72d4cbcf4526475a8a13bbaea75e5925514d6db1a4ae60f6a961fd002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c00024001001500a2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,SMTP,POP,IMAP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Baidu Jan 2015")
|
||||
|
||||
28
etc/client-simulation.wiresharked.md
Normal file
28
etc/client-simulation.wiresharked.md
Normal file
@ -0,0 +1,28 @@
|
||||
This file contains client handshake data manually created from Wireshark.
|
||||
The content needs to be added to client-simulation.txt which other part
|
||||
comes from the SSLlabs client API via update_client_sim_data.pl
|
||||
The whole process is done manually.
|
||||
|
||||
## Instructions how to add a client simulation:
|
||||
|
||||
* Start wireshark at a client or router. Best is during capture to filter for the target of your choice.
|
||||
* Make sure you create a bit of encrypted traffic to your target. Attention, privacy: if you want to contribute, be aware that the ClientHello contains the target hostname (SNI).
|
||||
* Make sure the client traffic is specific: For just "Android" do not use a browser! Use the play store app e.g..
|
||||
* Stop recording.
|
||||
* If needed sort for ClientHello.
|
||||
* Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.
|
||||
* Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
|
||||
* Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
|
||||
* Adjust "lowest_protocol" and "highest_protocol" accordingly.
|
||||
* Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE.
|
||||
* Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
|
||||
* Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
|
||||
* Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
|
||||
* For "ciphers" mark the cipher suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to `~/utils/hexstream2cipher.sh`
|
||||
* "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ``~/utils/hexstream2cipher.sh``
|
||||
* Figure out the services by applying a good piece of human logic
|
||||
* Before submitting a PR: test it yourself! You can also watch it again via wireshark
|
||||
|
||||
|
||||
|
||||
|
||||
@ -3,28 +3,7 @@
|
||||
# comes from the SSLlabs client API via update_client_sim_data.pl
|
||||
# The whole process is done manually.
|
||||
#
|
||||
# Instructions how to add a client simulation:
|
||||
# * Start wireshark at the client / router. Best is during capture to filter for the target you want to contribute.
|
||||
# * Make sure you create a bit of encrypted traffic to a target of your choice 1) .
|
||||
# * Make sure the client traffic is specific: For just "Android" do not use a browser!
|
||||
# * Stop the recording.
|
||||
# * If needed sort for ClientHello.
|
||||
# * Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure, it's the right traffic.
|
||||
# * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
|
||||
# * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here)
|
||||
# * Adjust "lowest_protocol" and "highest_protocol" accordingly.
|
||||
# * Get "curves" from at the supported groups TLS extension 10 = 0x00a. Omit any GREASE.
|
||||
# * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
|
||||
# * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not "requiresSha2" is true
|
||||
# * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle
|
||||
# * For "ciphers" mark the Cipher Suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to ~/utils/hexstream2cipher.sh
|
||||
# * "ciphersutes" are TLS 1.3 ciphersuites. You can identify them as they currently are like 0x130?. Retrieve them from above see ~/utils/hexstream2cipher.sh
|
||||
# * Figure out the services by applying a good piece of logic
|
||||
# * Before submitting a PR: test it yourself! You can also watch it again via wireshark
|
||||
#
|
||||
#
|
||||
# 1) Attention, privacy: if you want to contribute it contains the target hostname (SNI)
|
||||
|
||||
# Instructions how to add a client simulation see file "client-simulation.wiresharked.md".
|
||||
|
||||
names+=("Android 8.1 (native)")
|
||||
short+=("android_81")
|
||||
@ -104,7 +83,7 @@
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -126,7 +105,51 @@
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Chrome 78 (Win 10)")
|
||||
short+=("chrome_78_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc030332e6eabb5d4b9818074f79423b0a9cde127a309671fcf0d0420bdb68f98bbc9320085a3e18e8e5cf4060c1e7065523d344f09186ffb835c10095df30b1611bc49a0022eaea130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001912a2a000000000014001200000f73736c2e677374617469632e636f6d00170000ff01000100000a000a0008eaea001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029eaea000100001d0020e0a5bb30a2a14bc13685b4a19ba59628aad22b761dceb63a9dcfa10475f84260002d00020101002b000b0a0a0a0304030303020301001b00030200025a5a000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Chrome 79 (Win 10)")
|
||||
short+=("chrome_79_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc03032f8eea63ff25d05264565777081b6d1a326e12f37751c33c7e953973af65b2ab20a62f96b75b1c41454679b64cd32fb0fbbf99ff019501d92184d589a529c21c590022caca130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001917a7a000000000014001200000f73736c2e677374617469632e636f6d00170000ff01000100000a000a0008eaea001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029eaea000100001d0020465dfa0295bf9cd3578d2f23bbfdf58d6468c5dd0c071f0b7c6bb92fc507685b002d00020101002b000b0ababa0304030303020301001b00030200029a9a000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1024)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -148,7 +171,29 @@
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Firefox 71 (Win 10)")
|
||||
short+=("firefox_71_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030102580100025403036d4532515bff048c5c74cb0d39518c9c02e2dfd4d8ecae6591ee67d29ea62eab20c70c3e8feae9ed79d54914215aab37d3d5b7966a422edc41d2c027f9973d6b160024130113031302c02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a010001e700000014001200000f7777772e6d6f7a696c6c612e6f726700170000ff01000100000a000e000c001d00170018001901000101000b000201000010000e000c02683208687474702f312e310005000501000000000033006b0069001d002005dcfe2c42419119e518fb087071ba68445b825e4f4dd9ddb8679c3011d3e75800170041046bd8e6b1818d3985e55a8514d3ec5091945df5eb48136c3a9f67bb6d6665758ef088520626748d59bba63786c0164b948013e0f8eee0ba425d643b7c5d4bfa8f002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c00024001002900eb00c600c0995b148219e66aca5e58a74de1551ae6c76897f50fc853147cf22db9a937361496395112ab0382a942c95fbd48b787d031ae89a8f23f9b7a56c2a0ed5158e919d2491c003ab7d1ca1944b7e5d068d4e6a0c83d9096e9cb76ad2ac081075551cf4bdbfff1194a71c54bf8f88cbe7c246c728155e92f94015e4c5140ce84087c842033ea00fa92f5bd5b601f9650aee0eb0d000175e447945fd28e1df361c5cce443351fd0f7f13cb6cab2e2cc8c3951eb4367dc5004415ab6c3cf0adbca1e3be4f149f74100212008a1f3195cd13d7b4386acd47cdfae0afad06cf8d245744e815ec6989e3cdd6c")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP")
|
||||
minDhBits+=(1023)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
@ -220,6 +265,50 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Opera 65 (Win 10)")
|
||||
short+=("opera_65_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc03039eee8c108ed7b040285658cddb0022e7e1f17bc92084335edf8ad5404fbf424a203bedd34c83b59c3e302af681b449490895335de0d8a0f10d20a0ff610130229b00224a4a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001912a2a000000000014001200000f626c6f67732e6f706572612e636f6d00170000ff01000100000a000a00081a1a001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b00291a1a000100001d0020cc29a9f8b3a69149c38b29ccb7341b98efd1714c3887fc1e84512470f783921a002d00020101002b000b0adada0304030303020301001b0003020002dada000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Opera 66 (Win 10)")
|
||||
short+=("opera_66_win10")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc0303a7ab90aa0987b33da751017bb78958f51bc1aa76e116c21eb4bb0b51a9f88f77203658175a55b25ab41867568b52e8fb8eaf4c8e91ceccf30ae498879e468579b100222a2a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001911a1a000000000014001200000f626c6f67732e6f706572612e636f6d00170000ff01000100000a000a00087a7a001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b00297a7a000100001d0020488d0d07b77098f98cb97ee85ae88b358404a8004633896e5110966ab3c18f66002d00020101002b000b0ababa0304030303020301001b00030200023a3a000100001500c9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,FTP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("OpenSSL 1.1.0j (Debian)")
|
||||
@ -242,6 +331,28 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp521r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("OpenSSL 1.1.0l (Debian)")
|
||||
short+=("openssl_110l")
|
||||
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
||||
ciphersuites+=("")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030100bf010000bb030350a1cc6c1ae6c9726ce0a025f4d2c522e6b503d5ccd2d1740bd1bb2e7af108d5000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100005a00000010000e00000b7465737473736c2e6e6574000b000403000102000a000a0008001d001700190018002300000016000000170000000d0020001e060106020603050105020503040104020403030103020303020102020203")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0303")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp521r1:secp384r1")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("OpenSSL 1.1.1b (Debian)")
|
||||
@ -253,7 +364,7 @@
|
||||
handshakebytes+=("160301012d010001290303ac67ab7c72eea2e0f68615f02c9e566ed4a3bb0022c2ca1db7615acfb9dedd0120415470391af467e708e8983b134defcb4f4855e774606ae8223265af0fbb802a003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff010000a200000013001100000e7465737473736c2e73683a343433000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020b4556edddf807eb6b6bbcd61e25775a3992dd6f5caeee76d37f8895436efc972")
|
||||
protos+=("-no_ssl2 -no_ssl3")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0300")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
@ -262,7 +373,29 @@
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:X448:secp521r1:secp384r1")
|
||||
curves+=("X25519:secp256r1:x448:secp521r1:secp384r1")
|
||||
requiresSha2+=(true)
|
||||
current+=(false)
|
||||
|
||||
names+=("OpenSSL 1.1.1d (Debian)")
|
||||
short+=("openssl_111d")
|
||||
ciphers+=("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
||||
ciphersuites+=("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("16030101290100012503036f18cf85cf24e3676f0e79a3503aa9feefc961e3baed7b00fd876a2c6d2395b3205f4fb8769aa1e5279b848b3f35bec3d7aa9966595d22ebcd35e72f79b9d9fcc9003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100009e0000000f000d00000a7465737473736c2e7368000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d0020a12c2f7e04adcb76ce5eb8b05cf631e7cdf46f5e28cbe86a676d704098507b40")
|
||||
protos+=("-no_ssl2 -no_ssl3 -tls1_1 -tls1")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("ANY")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:x448:secp521r1:secp384r1")
|
||||
requiresSha2+=(true)
|
||||
current+=(true)
|
||||
|
||||
@ -286,6 +419,28 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Thunderbird (68.3)")
|
||||
short+=("thunderbird_68_3_1")
|
||||
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
|
||||
sni+=("$SNI")
|
||||
warning+=("")
|
||||
handshakebytes+=("1603010200010001fc030342ffc6c8b96ea60586a63fe7d97ec8d5c962b55ccfe02177cd94c8ea42f7333e209c9b6129e250f6fb8127664d26a46c410a6c217d4c2c4dc49125edd7191043810024130113031302c02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a0100018f00000013001100000e696d61702e676d61696c2e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000005000501000000000033006b0069001d0020fb48d75e98e9e9c7a7aa32106b8856384f9af1e50f9bd45f2ae3dc349858741b00170041047138476a2fbfd6dc6fa4b351b99248abc20bf27ccb962445161036ec3df7bf7566e048374b72d4cbcf4526475a8a13bbaea75e5925514d6db1a4ae60f6a961fd002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c00024001001500a2000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
||||
protos+=("-no_ssl3 -no_ssl2")
|
||||
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
||||
lowest_protocol+=("0x0301")
|
||||
highest_protocol+=("0x0304")
|
||||
alpn+=("h2,http/1.1")
|
||||
service+=("HTTP,SMTP,POP,IMAP")
|
||||
minDhBits+=(-1)
|
||||
maxDhBits+=(-1)
|
||||
minRsaBits+=(-1)
|
||||
maxRsaBits+=(-1)
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
current+=(true)
|
||||
|
||||
names+=("Safari 12.1 (iOS 12.2)")
|
||||
|
||||
42
t/00_testssl_help.t
Executable file
42
t/00_testssl_help.t
Executable file
@ -0,0 +1,42 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
# Basics: is there a synatx error where alerady bash hiccups on?
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
|
||||
my $tests = 0;
|
||||
my $fileout="";
|
||||
# Blacklists we use to trigger an error:
|
||||
my $error_regexp1='(syntax|parse) (e|E)rror';
|
||||
my $error_regexp2='testssl.sh: line';
|
||||
my $error_regexp3='bash: warning';
|
||||
my $error_regexp4='command not found';
|
||||
my $error_regexp5='(syntax error|unexpected token)';
|
||||
|
||||
printf "\n%s\n", "Testing whether just calling \"./testssl.sh\" produces no error ...";
|
||||
$fileout = `timeout 10 bash ./testssl.sh 2>&1`;
|
||||
my $retval=$?;
|
||||
|
||||
unlike($fileout, qr/$error_regexp1/, "regex 1");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp2/, "regex 2");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp3/, "regex 3");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp4/, "regex 4");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp5/, "regex 5");
|
||||
$tests++;
|
||||
|
||||
is($retval, 0, "return value should be equal zero: \"$retval\"");
|
||||
$tests++;
|
||||
|
||||
printf "\n";
|
||||
done_testing($tests);
|
||||
|
||||
|
||||
@ -1,9 +0,0 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More tests => 1;
|
||||
|
||||
|
||||
my $newer_bundles=`find etc/*.pem -newer etc/ca_hashes.txt`;
|
||||
is($newer_bundles,"","List of CA bundles newer then etc/ca_hashes.txt should be empty. If not run utils/create_ca_hashes.sh");
|
||||
done_testing;
|
||||
48
t/01_testssl_banner.t
Executable file
48
t/01_testssl_banner.t
Executable file
@ -0,0 +1,48 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
# Basics: is there a synatx error where already bash hiccups on?
|
||||
# --banner is equal to --version
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
|
||||
my $tests = 0;
|
||||
my $fileout="";
|
||||
# Blacklists we use to trigger an error:
|
||||
my $error_regexp1='(syntax|parse) (e|E)rror';
|
||||
my $error_regexp2='testssl.sh: line';
|
||||
my $error_regexp3='bash: warning';
|
||||
my $error_regexp4='command not found';
|
||||
my $error_regexp5='(syntax error|unexpected token)';
|
||||
# my $good_regexp='free software.*USAGE w/o ANY WARRANTY.*OWN RISK.*Using.*ciphers.*built(.*)platform';
|
||||
my $good_regexp='free software([\s\S]*)USAGE w/o ANY WARRANTY([\s\S]*)OWN RISK([\s\S]*)Using([\s\S]*)ciphers([\s\S]*)built([\s\S]*)platform';
|
||||
|
||||
printf "\n%s\n", "Testing whether just calling \"./testssl.sh --banner\" produces no error ...";
|
||||
$fileout = `timeout 10 bash ./testssl.sh --banner 2>&1`;
|
||||
my $retval=$?;
|
||||
|
||||
unlike($fileout, qr/$error_regexp1/, "regex 1");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp2/, "regex 2");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp3/, "regex 3");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp4/, "regex 4");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp5/, "regex 5");
|
||||
$tests++;
|
||||
|
||||
like($fileout, qr/$good_regexp/, "regex positive");
|
||||
$tests++;
|
||||
|
||||
is($retval, 0, "return value should be equal zero: \"$retval\"");
|
||||
$tests++;
|
||||
|
||||
printf "\n";
|
||||
done_testing($tests);
|
||||
|
||||
|
||||
26
t/02_clientsim_txt_parsable.t
Executable file
26
t/02_clientsim_txt_parsable.t
Executable file
@ -0,0 +1,26 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
# Just a functional test, whether ~/etc/client-simulation.txt
|
||||
# doesn't have any synatx errors
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
|
||||
my $tests = 0;
|
||||
my $fileout="";
|
||||
# Blacklists we use to trigger an error:
|
||||
my $error_regexp1='(syntax|parse) (e|E)rror';
|
||||
my $error_regexp2='client-simulation.txt:';
|
||||
|
||||
printf "\n%s\n", "Testing whether \"~/etc/client-simulation.txt\" isn't broken ...";
|
||||
$fileout = `bash ./etc/client-simulation.txt 2>&1`;
|
||||
unlike($fileout, qr/$error_regexp1/, "regex 1");
|
||||
$tests++;
|
||||
|
||||
unlike($fileout, qr/$error_regexp2/, "regex 2");
|
||||
$tests++;
|
||||
|
||||
printf "\n";
|
||||
done_testing($tests);
|
||||
|
||||
|
||||
12
t/05_ca_hashes_up_to_date.t
Executable file
12
t/05_ca_hashes_up_to_date.t
Executable file
@ -0,0 +1,12 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
use strict;
|
||||
use Test::More;
|
||||
|
||||
printf "\n%s\n", "Testing whether CA certificates are newer their SPKI hashes \"~/etc/ca_hashes.txt\" ...";
|
||||
|
||||
my $newer_bundles=`find etc/*.pem -newer etc/ca_hashes.txt`;
|
||||
is($newer_bundles,"","If there's an output with a *.pem file run \"~/utils/create_ca_hashes.sh\"");
|
||||
|
||||
printf "\n";
|
||||
done_testing;
|
||||
@ -21,8 +21,10 @@ die "Unable to open $prg" unless -f $prg;
|
||||
|
||||
my $uri="cloudflare.com";
|
||||
|
||||
printf "\n%s\n", "Unit testing JSON output ...";
|
||||
|
||||
#1
|
||||
printf "\n%s\n", "Unit testing plain JSON output --> $uri ...";
|
||||
printf "%s\n", ".. plain JSON --> $uri ";
|
||||
$out = `./testssl.sh $check2run --jsonfile tmp.json $uri`;
|
||||
$json = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -31,7 +33,7 @@ is(@errors,0,"no errors");
|
||||
$tests++;
|
||||
|
||||
#2
|
||||
printf "\n%s\n", "Unit testing pretty JSON output --> $uri ...";
|
||||
printf "%s\n", ".. pretty JSON --> $uri ";
|
||||
$out = `./testssl.sh $check2run --jsonfile-pretty tmp.json $uri`;
|
||||
$json = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -43,7 +45,7 @@ $tests++;
|
||||
#3
|
||||
# This testss.sh run deliberately does NOT work as travis-ci.org blocks port 25 egress.
|
||||
# but the output should be fine. The idea is to have a unit test for a failed connection.
|
||||
printf "\n%s\n", "Checking plain JSON output for a failed run '--mx $uri' ...";
|
||||
printf "%s\n", ".. plain JSON for a failed run: '--mx $uri' ...";
|
||||
$out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile tmp.json --mx $uri`;
|
||||
$json = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -53,7 +55,7 @@ $tests++;
|
||||
|
||||
#4
|
||||
# Same as above but with pretty JSON
|
||||
printf "\n%s\n", "Checking pretty JSON output for a failed run '--mx $uri' ...";
|
||||
printf "%s\n", ".. pretty JSON for a failed run '--mx $uri' ...";
|
||||
$out = `./testssl.sh --ssl-native --openssl-timeout=10 $check2run --jsonfile-pretty tmp.json --mx $uri`;
|
||||
$json = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -63,7 +65,7 @@ $tests++;
|
||||
|
||||
#5
|
||||
my $uri = "smtp-relay.gmail.com:587";
|
||||
printf "\n%s\n", " Unit testing plain JSON output --> $uri ...";
|
||||
printf "%s\n", " .. plain JSON and STARTTLS --> $uri ...";
|
||||
$out = `./testssl.sh --jsonfile tmp.json $check2run -t smtp $uri`;
|
||||
$json = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -71,7 +73,7 @@ unlink 'tmp.json';
|
||||
is(@errors,0,"no errors");
|
||||
$tests++;
|
||||
|
||||
|
||||
printf "\n";
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
|
||||
@ -18,8 +18,10 @@ my $check2run="--color 0 --htmlfile tmp.html";
|
||||
|
||||
die "Unable to open $prg" unless -f $prg;
|
||||
|
||||
printf "\n%s\n", "Doing HTML output checks";
|
||||
|
||||
#1
|
||||
printf "\n%s\n", "Running $prg against $uri to create HTML and terminal outputs (may take 2~3 minutes) ...";
|
||||
printf "%s\n", " .. running $prg against $uri to create HTML and terminal outputs (may take 2~3 minutes)";
|
||||
# specify a TERM_WIDTH so that the two calls to testssl.sh don't create HTML files with different values of TERM_WIDTH
|
||||
$out = `TERM_WIDTH=120 $prg $check2run $uri`;
|
||||
$html = `cat tmp.html`;
|
||||
@ -41,12 +43,12 @@ $edited_html =~ s/>/>/g;
|
||||
$edited_html =~ s/"/"/g;
|
||||
$edited_html =~ s/'/'/g;
|
||||
|
||||
printf "\n%s\n", "Comparing HTML and terminal outputs";
|
||||
printf "\n%s\n", " .. comparing HTML and terminal outputs";
|
||||
cmp_ok($edited_html, "eq", $out, "HTML file matches terminal output");
|
||||
$tests++;
|
||||
|
||||
#2
|
||||
printf "\n%s\n", "Running $prg against $uri with --debug 4 to create HTML output (may take 2~3 minutes)";
|
||||
printf "\n%s\n", " .. running $prg against $uri with --debug 4 to create HTML output (may take another 2~3 minutes)";
|
||||
# Redirect stderr to /dev/null in order to avoid some unexplained "date: invalid date" error messages
|
||||
$out = `TERM_WIDTH=120 $prg $check2run --debug 4 $uri 2> /dev/null`;
|
||||
$debughtml = `cat tmp.html`;
|
||||
@ -66,9 +68,9 @@ $debughtml =~ s/HTTP clock skew \+?-?[0-9]* /HTTP clock skew
|
||||
$debughtml =~ s/ Pre-test: .*\n//g;
|
||||
$debughtml =~ s/.*OK: below 825 days.*\n//g;
|
||||
|
||||
printf "\n%s\n", "Checking that using the --debug option doesn't affect the HTML file";
|
||||
printf "\n%s\n", " .. checking that using the --debug option doesn't affect the HTML file";
|
||||
cmp_ok($debughtml, "eq", $html, "HTML file created with --debug 4 matches HTML file created without --debug");
|
||||
$tests++;
|
||||
printf "\n%s\n";
|
||||
|
||||
printf "\n";
|
||||
done_testing($tests);
|
||||
|
||||
@ -15,8 +15,11 @@ my (
|
||||
|
||||
$tests = 0;
|
||||
|
||||
|
||||
printf "\n%s\n", "Doing severity level checks";
|
||||
|
||||
#1
|
||||
pass("Running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++;
|
||||
pass(" .. running testssl.sh against badssl.com to create a JSON report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++;
|
||||
$out = `./testssl.sh -S -e -U --jsonfile tmp.json --severity LOW --color 0 badssl.com`;
|
||||
$json = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -31,7 +34,7 @@ foreach my $f ( @$json ) {
|
||||
is($found,0,"We should not have any finding with INFO level"); $tests++;
|
||||
|
||||
#2
|
||||
pass("Running testssl.sh against badssl.com to create a JSON-PRETTY report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++;
|
||||
pass(" .. running testssl.sh against badssl.com to create a JSON-PRETTY report with severity level equal greater than LOW (may take 2~3 minutes)"); $tests++;
|
||||
$out = `./testssl.sh -S -e -U --jsonfile-pretty tmp.json --severity LOW --color 0 badssl.com`;
|
||||
$json_pretty = json('tmp.json');
|
||||
unlink 'tmp.json';
|
||||
@ -45,6 +48,7 @@ foreach my $f ( @$vulnerabilities ) {
|
||||
}
|
||||
is($found,0,"We should not have any finding with INFO level"); $tests++;
|
||||
|
||||
printf "\n";
|
||||
done_testing($tests);
|
||||
|
||||
sub json($) {
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
### Naming scheme
|
||||
|
||||
* 00-09: Does the reporting work at all?
|
||||
* 00-05: Does the bare testssl.sh work at all?
|
||||
* 06-09: Does the reporting work at all?
|
||||
* 20-39: Do scans work fine (client side)?
|
||||
* 50-69: Are the results what I expect (server side)?
|
||||
|
||||
|
||||
@ -17,7 +17,11 @@ for ((i=0; i<len ; i+=4)); do
|
||||
grepstr="0x${hs:$i:2},0x${hs:$((i+2)):2}"
|
||||
echo -n " --> $grepstr --> "
|
||||
cip=$(grep -i -E "^ *${grepstr}" $mapfile | awk '{ print $3 }')
|
||||
echo $cip
|
||||
if [[ $grepstr == 0x00,0xff ]]; then
|
||||
echo TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||
else
|
||||
echo $cip
|
||||
fi
|
||||
if "$first"; then
|
||||
ciphers="$cip"
|
||||
first=false
|
||||
@ -27,4 +31,4 @@ for ((i=0; i<len ; i+=4)); do
|
||||
done
|
||||
|
||||
echo
|
||||
echo $ciphers
|
||||
echo ${ciphers%:}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user