From 93da0919a9cdfe1e0f85957835134a6f1f9733ee Mon Sep 17 00:00:00 2001
From: David Cooper <david.cooper@nist.gov>
Date: Tue, 4 Dec 2018 12:51:46 -0500
Subject: [PATCH] Fix #990

There is at least one extension that will fail on a TLSv1.3 ClientHello if the psk_key_exchange_modes extension is not present (see #990). The PR adds the extension to TLSv1.3 ClientHello messages. OpenSSL, Firefox, and Chrome all include this extension in their ClientHello messages, so including it is unlikely to cause problems for any servers.
---
 testssl.sh | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/testssl.sh b/testssl.sh
index 497c758..f48a82e 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -11905,7 +11905,7 @@ prepare_tls_clienthello() {
      local extension_signature_algorithms extension_heartbeat session_id
      local extension_session_ticket extension_next_protocol extension_padding
      local extension_supported_groups="" extension_supported_point_formats=""
-     local extensions_key_share="" extn_type supported_groups_c2n=""
+     local extensions_key_share="" extn_type supported_groups_c2n="" extn_psk_mode=""
      local extra_extensions extra_extensions_list="" extension_supported_versions=""
      local offer_compression=false compression_methods
 
@@ -12003,6 +12003,9 @@ prepare_tls_clienthello() {
           extension_next_protocol="
           33, 74, 00, 00"
 
+          extn_psk_mode="
+          00, 2d, 00, 02, 01, 01"
+
           if "$ecc_cipher_suite_found"; then
                # Supported Groups Extension
                extension_supported_groups="
@@ -12124,6 +12127,15 @@ prepare_tls_clienthello() {
                fi
           fi
 
+          # There does not seem to be any reason to include this extension. However, it appears that
+          # OpenSSL, Firefox, and Chrome include it in TLS 1.3 ClientHello messages, and there is at
+          # least one server that will fail the connection if it is absent
+          # (see https://github.com/drwetter/testssl.sh/issues/990).
+          if [[ "0x$tls_low_byte" -ge "0x04" ]] && [[ ! "$extra_extensions_list" =~ " 002d " ]]; then
+               [[ -n "$all_extensions" ]] && all_extensions+=","
+               all_extensions+="$extn_psk_mode"
+          fi
+
           if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then
                [[ -n "$all_extensions" ]] && all_extensions+=","
                all_extensions+="$extension_session_ticket"
@@ -15213,6 +15225,9 @@ run_grease() {
      # values in the supported_versions extension.
      # see https://www.ietf.org/mail-archive/web/tls/current/msg22319.html
 
+     # TODO: For servers that support TLSv1.3, check that servers don't require the
+     # psk_key_exchange_modes extension to be present in the ClientHello.
+
      if ! "$bug_found"; then
           outln " No bugs found."
           fileout "$jsonID" "OK" "No bugs found."