CLients are deduplicated and marked as current

2025-01-10 18:50:58 +01:00 · 2016-07-03 17:52:31 +02:00 · 2016-07-03 17:52:31 +02:00 · 9d481423b9
commit 9d481423b9
parent d8fb7dc680
2 changed files with 1956 additions and 2026 deletions
--- a/client-simulation-data.sh
+++ b/client-simulation-data.sh
--- a/utils/update_client_sim_data.pl
+++ b/utils/update_client_sim_data.pl
@ -21,27 +21,12 @@ foreach my $line ( split /\n/, `bin/openssl.Darwin.x86_64 ciphers -V 'ALL:COMPLE
 	$ciphers{hex "0x$hex"} = $fields[3];
 }
 open OUT, ">client-simulation-data.sh" or die "Unable to open client-simulation-data.sh";
 print OUT "#!/bin/bash
 # This file contains client handshake data used in the run_client_simulation function
 # Don't update this file by hand, but run util/update_client_sim_data.pl instead
 # --- Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients ---
 ";
 # Get the data
 my $json = `curl 'https://api.dev.ssllabs.com/api/v3/getClients'`;
 my $ssllabs = decode_json($json);
 my %sims;
 foreach my $client ( @$ssllabs ) {
 	# Names
 	my $name = "$client->{name} $client->{version}";
 	$name .= " $client->{platform}" if exists $client->{platform};
 	# Get first namelength characters only
 	$name = substr($name . (" " x $namelength),0,$namelength);
 	print OUT "names+=(\"$name\")\n";
 	# Shorts
 	my $shortname = "$client->{name}_$client->{version}";
 	$shortname =~ s/ /_/g;
@ -49,30 +34,42 @@ foreach my $client ( @$ssllabs ) {
 	$shortname .= "_$client->{platform}" if exists $client->{platform};
 	$shortname =~ s/[ \.]//g;
 	$shortname = lc($shortname);
-	print OUT "short+=(\"$shortname\")\n";
+
 	# Deduplicate
 	if ( ! exists $sims{$shortname} || $sims{$shortname}->{id} < $client->{id} ) {
 		my $sim = {};
 		$sims{$shortname} = $sim;
 		$sim->{shortname} = "short+=(\"$shortname\")";
 		# Names
 		my $name = "$client->{name} $client->{version}";
 		$name .= " $client->{platform}" if exists $client->{platform};
 		# Get first namelength characters only
 		$name = substr($name . " " x $namelength,0,$namelength);
 		$sim->{name} = "names+=(\"$name\")";
 		# Ciphers
 		my @ciphers = ();
 		foreach my $suite ( @{$client->{suiteIds}} ) {
 			push @ciphers, $ciphers{$suite} if exists $ciphers{$suite};
 		}
-	print OUT "ciphers+=(\"" . (join ":", @ciphers) . "\")\n";
+		$sim->{ciphers} = "ciphers+=(\"" . (join ":", @ciphers) . "\")";
 		# SNI
 		if ( exists $client->{supportsSni} && $client->{supportsSni} ) {
-		print OUT "sni+=(\"\$SNI\")\n";
+			$sim->{sni} = "sni+=(\"\$SNI\")";
 		} else {
-		print OUT "sni+=(\"\")\n";		
+			$sim->{sni} = "sni+=(\"\")";		
 		}
 		# warning (if needed)
-	print OUT "warning+=(\"\")\n";
+		$sim->{warning} = "warning+=(\"\")";
 		# Handshake
 		if ( exists $client->{hexHandshakeBytes} ) {
-		print OUT "handshakebytes+=(\"$client->{hexHandshakeBytes}\")\n"
+			$sim->{handshakebytes} = "handshakebytes+=(\"$client->{hexHandshakeBytes}\")";
 		} else {
-		print OUT "handshakebytes+=(\"\")\n"
+			$sim->{handshakebytes} = "handshakebytes+=(\"\")";
 		}
 		# protos
@ -104,91 +101,171 @@ foreach my $client ( @$ssllabs ) {
 			# 771 = 0x303 = tls1.2
 			push @proto_flags, "-tls1_2";
 		}
-	print OUT "protos+=(\"" . (join " ", reverse @proto_flags) . "\")\n";
+		$sim->{protos} = "protos+=(\"" . (join " ", reverse @proto_flags) . "\")";
-	printf OUT "lowest_protocol+=(\"0x%04x\")\n", $client->{lowestProtocol};
+		$sim->{lowestProtocol} = sprintf("lowest_protocol+=(\"0x%04x\")", $client->{lowestProtocol});
-	printf OUT "highest_protocol+=(\"0x%04x\")\n", $client->{highestProtocol};
+		$sim->{highestProtocol} = sprintf("highest_protocol+=(\"0x%04x\")", $client->{highestProtocol});
 		if ( lc($client->{name}) eq "java" || lc($client->{name}) eq "openssl" ) {
 			# Java and OpenSSL are generic clients
-		print OUT "service+=(\"ANY\")\n";		
+			$sim->{service} =  "service+=(\"ANY\")";		
 		} elsif ( $shortname =~ /^apple_ats/ ) { 
 			# Apple ATS is HTTP(s) only
-		print OUT "service+=(\"HTTP\")\n";
+			$sim->{service} = "service+=(\"HTTP\")";
 		} else {
 			# All others are HTTP(s)/FTP only
-		print OUT "service+=(\"HTTP,FTP\")\n";
+			$sim->{service} = "service+=(\"HTTP,FTP\")";
 		}
 		# Bit size limitations
-	print OUT "minDhBits+=($client->{minDhBits})\n";
+		$sim->{minDhBits} = "minDhBits+=($client->{minDhBits})";
-	print OUT "maxDhBits+=($client->{maxDhBits})\n";
+		$sim->{maxDhBits} = "maxDhBits+=($client->{maxDhBits})";
-	print OUT "minRsaBits+=($client->{minRsaBits})\n";
+		$sim->{minRsaBits} = "minRsaBits+=($client->{minRsaBits})";
-	print OUT "maxRsaBits+=($client->{maxRsaBits})\n";
+		$sim->{maxRsaBits} = "maxRsaBits+=($client->{maxRsaBits})";
-	print OUT "minEcdsaBits+=($client->{minEcdsaBits})\n";
+		$sim->{minEcdsaBits} = "minEcdsaBits+=($client->{minEcdsaBits})";
 		if ( defined $client->{requiresSha2} && $client->{requiresSha2} ) {
-		print OUT "requiresSha2+=(true)\n";
+			$sim->{requiresSha2} = "requiresSha2+=(true)";
 		} else {
-		print OUT "requiresSha2+=(false)\n";		
+			$sim->{requiresSha2} = "requiresSha2+=(false)";		
 		}
 	}
 }
 #
 # This is where we maintain our own clients
 my $sim = {};
 #$sim->{name} = "names+=(\"Mail iOS 9.3.2                \")";
 #$sim->{shortname} = "short+=(\"mail_ios_932\")";
 #$sim->{ciphers} = "ciphers+=(\"ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5\")";
 #$sim->{sni} = "sni+=(\"\$SNI\")";
 #$sim->{warning} = "warning+=(\"\")";
 #$sim->{handshakebytes} = "handshakebytes+=(\"16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000\")";
 #$sim->{protos} = "protos+=(\"#-tls1_1 -tls1\")";
 #$sim->{lowestProtocol} = "lowest_protocol+=(\"0x0300\")";
 #$sim->{highestProtocol} = "highest_protocol+=(\"0x0301\")";
 #$sim->{service} = "service+=(\"SMTP,POP,IMAP\")";
 #$sim->{minDhBits} = "minDhBits+=(-1)";
 #$sim->{maxDhBits} = "maxDhBits+=(-1)";
 #$sim->{minRsaBits} = "minRsaBits+=(-1)";
 #$sim->{maxRsaBits} = "maxRsaBits+=(-1)";
 #$sim->{minEcdsaBits} = "minEcdsaBits+=(-1)";
 #$sim->{requiresSha2} = "requiresSha2+=(false)";
 #
 #$sim->{name} = "names+=(\"Mail OSX 10.11.15             \")";
 #$sim->{shortname} = "short+=(\"mail_osx_101115\")";
 #$sim->{ciphers} = "ciphers+=(\"ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5\")";
 #$sim->{sni} = "sni+=(\"\$SNI\")";
 #$sim->{warning} = "warning+=(\"\")";
 #$sim->{handshakebytes} = "handshakebytes+=(\"16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000\")";
 #$sim->{protos} = "protos+=(\"-tls1\")";
 #$sim->{lowestProtocol} = "lowest_protocol+=(\"0x0301\")";
 #$sim->{highestProtocol} = "highest_protocol+=(\"0x0301\")";
 #$sim->{service} = "service+=(\"SMTP,POP,IMAP\")";
 #$sim->{minDhBits} = "minDhBits+=(-1)";
 #$sim->{maxDhBits} = "maxDhBits+=(-1)";
 #$sim->{minRsaBits} = "minRsaBits+=(-1)";
 #$sim->{maxRsaBits} = "maxRsaBits+=(-1)";
 #$sim->{minEcdsaBits} = "minEcdsaBits+=(-1)";
 #$sim->{requiresSha2} = "requiresSha2+=(false)";
 $sim->{name} = "names+=(\"Thunderbird 45.1.1 OSX 10.11  \")";
 $sim->{shortname} = "short+=(\"thunderbird_45.1.1_osx_101115\")";
 $sim->{ciphers} = "ciphers+=(\"ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA\")";
 $sim->{sni} = "sni+=(\"\$SNI\")";
 $sim->{warning} = "warning+=(\"\")";
 $sim->{handshakebytes} = "handshakebytes+=(\"160301009d010000990303c7c5b3ff80b3aa597c770c538b98ae34a94c9590ad8f947ba7bc28692061cb57000016c02bc02fc00ac009c013c01400330039002f0035000a0100005a0000001800160000136d78332e73656374696f6e7a65726f2e6f7267ff01000100000a00080006001700180019000b0002010000230000000500050100000000000d001600140401050106010201040305030603020304020202\")";
 $sim->{protos} = "protos+=(\"-tls1_2 -tls1_1 -tls1\")";
 $sim->{lowestProtocol} = "lowest_protocol+=(\"0x0301\")";
 $sim->{highestProtocol} = "highest_protocol+=(\"0x0303\")";
 $sim->{service} = "service+=(\"SMTP,POP,IMAP\")";
 $sim->{minDhBits} = "minDhBits+=(-1)";
 $sim->{maxDhBits} = "maxDhBits+=(-1)";
 $sim->{minRsaBits} = "minRsaBits+=(-1)";
 $sim->{maxRsaBits} = "maxRsaBits+=(-1)";#
 $sim->{minEcdsaBits} = "minEcdsaBits+=(-1)";
 $sim->{requiresSha2} = "requiresSha2+=(false)";
 my %count;
 foreach my $shortname ( reverse sort keys %sims ) {
 	if ( $shortname =~ /^baidu/ ) {
 		$count{baidu}++;
 		if ( $count{baidu} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^bing/) {
 		$count{bing}++;
 		if ( $count{bing} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^chrome/) {
 		$count{chrome}++;
 		if ( $count{chrome} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^firefox/) {
 		$count{firefox}++;
 		if ( $count{firefox} <= 3 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^googlebot/) {
 		$count{googlebot}++;
 		if ( $count{googlebot} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^tor/) {
 		$count{tor}++;
 		if ( $count{tor} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^yahoo/) {
 		$count{yahoo}++;
 		if ( $count{yahoo} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^yandex/) {
 		$count{yandex}++;
 		if ( $count{yandex} <= 1 ) {
 			$sims{$shortname}->{current} = "current+=(true)";
 		} else {
 			$sims{$shortname}->{current} = "current+=(false)";
 		}
 	} elsif ($shortname =~ /^opera/) {
 		# Opera isn't a current browser
 		$sims{$shortname}->{current} = "current+=(false)";
 	} else {
 		# All versions are current
 		$sims{$shortname}->{current} = "current+=(true)";
 	}
 }
 open OUT, ">client-simulation-data.sh" or die "Unable to open client-simulation-data.sh";
 print OUT "#!/bin/bash
 # This file contains client handshake data used in the run_client_simulation function
 # Don't update this file by hand, but run util/update_client_sim_data.pl instead
 # Most clients are taken from Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients 
 ";
 foreach my $shortname ( sort keys %sims ) {
 	foreach my $k ( qw(name shortname ciphers sni warning handshakebytes protos lowestProtocol highestProtocol service
 		minDhBits maxDhBits minRsaBits maxRsaBits minEcdsaBits requiresSha2 current) ) {
 		print OUT "$sims{$shortname}->{$k}\n";
 	}
 	print OUT "\n";
 }
-
+close OUT;
 print OUT 
 '# --- testssl.sh maintained clients ---
 #TODO: These clients do not pass the unit tests, yet.     
 #names+=("Mail iOS 9.3.2                ")
 #short+=("mail_ios_932")
 #ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
 #sni+=("$SNI")
 #warning+=("")
 #handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
 #protos+=("#-tls1_1 -tls1")
 #lowest_protocol+=("0x0300")
 #highest_protocol+=("0x0301")
 #service+=("SMTP,POP,IMAP")
 #minDhBits+=(-1)
 #maxDhBits+=(-1)
 #minRsaBits+=(-1)
 #maxRsaBits+=(-1)
 #minEcdsaBits+=(-1)
 #requiresSha2+=(false)
 #
 #names+=("Mail OSX 10.11.15             ")
 #short+=("mail_osx_101115")
 #ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
 #sni+=("$SNI")
 #warning+=("")
 #handshakebytes+=("16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000")
 #protos+=("-tls1")
 #lowest_protocol+=("0x0301")
 #highest_protocol+=("0x0301")
 #service+=("SMTP,POP,IMAP")
 #minDhBits+=(-1)
 #maxDhBits+=(-1)
 #minRsaBits+=(-1)
 #maxRsaBits+=(-1)
 #minEcdsaBits+=(-1)
 #requiresSha2+=(false)
 names+=("Thunderbird 45.1.1 OSX 10.11  ")
 short+=("thudnerbird_45.1.1_osx_101115")
 ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
 sni+=("$SNI")
 warning+=("")
 handshakebytes+=("160301009d010000990303c7c5b3ff80b3aa597c770c538b98ae34a94c9590ad8f947ba7bc28692061cb57000016c02bc02fc00ac009c013c01400330039002f0035000a0100005a0000001800160000136d78332e73656374696f6e7a65726f2e6f7267ff01000100000a00080006001700180019000b0002010000230000000500050100000000000d001600140401050106010201040305030603020304020202")
 protos+=("-tls1_2 -tls1_1 -tls1")
 lowest_protocol+=("0x0301")
 highest_protocol+=("0x0303")
 service+=("SMTP,POP,IMAP")
 minDhBits+=(-1)
 maxDhBits+=(-1)
 minRsaBits+=(-1)
 maxRsaBits+=(-1)
 minEcdsaBits+=(-1)
 requiresSha2+=(false)
 ';
 exit;