There is at least one server that will fail on a TLSv1.3 ClientHello if the psk_key_exchange_modes extension is not present (see #990). This PR adds the extension to TLSv1.3 ClientHello messages. OpenSSL, Firefox, and Chrome all include this extension in their ClientHello messages, so including it is unlikely to cause problems for any servers.
David Cooper 2018-12-04 12:51:46 -05:00 committed by GitHub
parent e9c5435c0a
commit 93da0919a9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -11905,7 +11905,7 @@ prepare_tls_clienthello() {
local extension_signature_algorithms extension_heartbeat session_id local extension_signature_algorithms extension_heartbeat session_id
local extension_session_ticket extension_next_protocol extension_padding local extension_session_ticket extension_next_protocol extension_padding
local extension_supported_groups="" extension_supported_point_formats="" local extension_supported_groups="" extension_supported_point_formats=""
local extensions_key_share="" extn_type supported_groups_c2n="" local extensions_key_share="" extn_type supported_groups_c2n="" extn_psk_mode=""
local extra_extensions extra_extensions_list="" extension_supported_versions="" local extra_extensions extra_extensions_list="" extension_supported_versions=""
local offer_compression=false compression_methods local offer_compression=false compression_methods
@ -12003,6 +12003,9 @@ prepare_tls_clienthello() {
extension_next_protocol=" extension_next_protocol="
33, 74, 00, 00" 33, 74, 00, 00"
extn_psk_mode="
00, 2d, 00, 02, 01, 01"
if "$ecc_cipher_suite_found"; then if "$ecc_cipher_suite_found"; then
# Supported Groups Extension # Supported Groups Extension
extension_supported_groups=" extension_supported_groups="
@ -12124,6 +12127,15 @@ prepare_tls_clienthello() {
fi fi
fi fi
# There does not seem to be any reason to include this extension. However, it appears that
# OpenSSL, Firefox, and Chrome include it in TLS 1.3 ClientHello messages, and there is at
# least one server that will fail the connection if it is absent
# (see https://github.com/drwetter/testssl.sh/issues/990).
if [[ "0x$tls_low_byte" -ge "0x04" ]] && [[ ! "$extra_extensions_list" =~ " 002d " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extn_psk_mode"
fi
if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+="," [[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extension_session_ticket" all_extensions+="$extension_session_ticket"
@ -15213,6 +15225,9 @@ run_grease() {
# values in the supported_versions extension. # values in the supported_versions extension.
# see https://www.ietf.org/mail-archive/web/tls/current/msg22319.html # see https://www.ietf.org/mail-archive/web/tls/current/msg22319.html
# TODO: For servers that support TLSv1.3, check that servers don't require the
# psk_key_exchange_modes extension to be present in the ClientHello.
if ! "$bug_found"; then if ! "$bug_found"; then
outln " No bugs found." outln " No bugs found."
fileout "$jsonID" "OK" "No bugs found." fileout "$jsonID" "OK" "No bugs found."
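Review bot: The comment added in the hunk at -12124 says there is no reason to include psk_key_exchange_modes, but per RFC 8446 section 4.2.9 the extension tells the server which PSK modes the client supports for resumption. Advertising `01` (psk_dhe_ke) may therefore lead a TLS 1.3 server to send NewSessionTicket messages it would otherwise withhold, and the comment should say so. The bytes assigned to `extn_psk_mode` in the hunk at -12003 are also unlabelled; a line such as `# psk_key_exchange_modes (0x002d): one mode, psk_dhe_ke (0x01)` would match the `# Supported Groups Extension` comment just below it. Separately, the `=~ " 002d "` guard is case-sensitive, so it only prevents a duplicate extension if `extra_extensions_list` always holds lower-case hex. That list is built outside the visible lines of prepare_tls_clienthello, so this is worth confirming, since RFC 8446 forbids two extensions of the same type in one ClientHello.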