From cf0c1c1f5fb0792bbfa1b42afbfeaf622b82b54f Mon Sep 17 00:00:00 2001 From: Odinmylord Date: Wed, 22 Mar 2023 23:14:56 +0100 Subject: [PATCH 1/2] Added more details to the SignatureAlgorithms --- testssl.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/testssl.sh b/testssl.sh index b739044..57527eb 100755 --- a/testssl.sh +++ b/testssl.sh @@ -10380,7 +10380,7 @@ run_fs() { local -a ffdhe_groups_output=("ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192") local -a supported_curve local -a sigalgs_hex=("01,01" "01,02" "01,03" "02,01" "02,02" "02,03" "03,01" "03,02" "03,03" "04,01" "04,02" "04,03" "04,20" "05,01" "05,02" "05,03" "05,20" "06,01" "06,02" "06,03" "06,20" "07,08" "08,04" "08,05" "08,06" "08,07" "08,08" "08,09" "08,0a" "08,0b" "08,1a" "08,1b" "08,1c") - local -a sigalgs_strings=("RSA+MD5" "DSA+MD5" "ECDSA+MD5" "RSA+SHA1" "DSA+SHA1" "ECDSA+SHA1" "RSA+SHA224" "DSA+SHA224" "ECDSA+SHA224" "RSA+SHA256" "DSA+SHA256" "ECDSA+SHA256" "RSA+SHA256" "RSA+SHA384" "DSA+SHA384" "ECDSA+SHA384" "RSA+SHA384" "RSA+SHA512" "DSA+SHA512" "ECDSA+SHA512" "RSA+SHA512" "SM2+SM3" "RSA-PSS+SHA256" "RSA-PSS+SHA384" "RSA-PSS+SHA512" "Ed25519" "Ed448" "RSA-PSS+SHA256" "RSA-PSS+SHA384" "RSA-PSS+SHA512" "ECDSA+SHA256" "ECDSA+SHA384" "ECDSA+SHA512") + local -a sigalgs_strings=("RSA+MD5" "DSA+MD5" "ECDSA+MD5" "RSA+SHA1" "DSA+SHA1" "ECDSA+SHA1" "RSA+SHA224" "DSA+SHA224" "ECDSA+SHA224" "RSA+SHA256" "DSA+SHA256" "ECDSA+SHA256" "RSA+SHA256" "RSA+SHA384" "DSA+SHA384" "ECDSA+SHA384" "RSA+SHA384" "RSA+SHA512" "DSA+SHA512" "ECDSA+SHA512" "RSA+SHA512" "SM2+SM3" "RSA-PSS-RSAE+SHA256" "RSA-PSS-RSAE+SHA384" "RSA-PSS-RSAE+SHA512" "Ed25519" "Ed448" "RSA-PSS-PSS+SHA256" "RSA-PSS-PSS+SHA384" "RSA-PSS-PSS+SHA512" "ECDSA+SHA256" "ECDSA+SHA384" "ECDSA+SHA512") local -a tls13_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false") local -a tls12_supported_sigalgs=("false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false" "false") local rsa_cipher="" ecdsa_cipher="" dss_cipher="" @@ -15027,14 +15027,14 @@ parse_tls_serverhello() { if [[ 0x$peering_signing_digest -eq 8 ]] && \ [[ 0x$peer_signature_type -ge 4 ]] && [[ 0x$peer_signature_type -le 11 ]]; then case $peer_signature_type in - 04) peering_signing_digest="SHA256"; peer_signature_type="RSA-PSS" ;; - 05) peering_signing_digest="SHA384"; peer_signature_type="RSA-PSS" ;; - 06) peering_signing_digest="SHA512"; peer_signature_type="RSA-PSS" ;; + 04) peering_signing_digest="SHA256"; peer_signature_type="RSA-PSS-RSAE" ;; + 05) peering_signing_digest="SHA384"; peer_signature_type="RSA-PSS-RSAE" ;; + 06) peering_signing_digest="SHA512"; peer_signature_type="RSA-PSS-RSAE" ;; 07) peering_signing_digest=""; peer_signature_type="Ed25519" ;; 08) peering_signing_digest=""; peer_signature_type="Ed448" ;; - 09) peering_signing_digest="SHA256"; peer_signature_type="RSA-PSS" ;; - 0A) peering_signing_digest="SHA384"; peer_signature_type="RSA-PSS" ;; - 0B) peering_signing_digest="SHA512"; peer_signature_type="RSA-PSS" ;; + 09) peering_signing_digest="SHA256"; peer_signature_type="RSA-PSS-PSS" ;; + 0A) peering_signing_digest="SHA384"; peer_signature_type="RSA-PSS-PSS" ;; + 0B) peering_signing_digest="SHA512"; peer_signature_type="RSA-PSS-PSS" ;; esac if [[ -n "$peering_signing_digest" ]]; then echo "Peer signing digest: $peering_signing_digest" >> $TMPFILE From 035996cc4450b21ba4fb978eed7bd12fd1d766cf Mon Sep 17 00:00:00 2001 From: Odinmylord Date: Thu, 23 Mar 2023 00:14:15 +0100 Subject: [PATCH 2/2] updated default_testssl.csvfile with new RSA-PSS --- t/baseline_data/default_testssl.csvfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/t/baseline_data/default_testssl.csvfile b/t/baseline_data/default_testssl.csvfile index 4a0866b..28118ba 100644 --- a/t/baseline_data/default_testssl.csvfile +++ b/t/baseline_data/default_testssl.csvfile @@ -66,8 +66,8 @@ "FS_ciphers","testssl.sh/81.169.166.184","443","INFO","TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA TLS_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA","","" "FS_ECDHE_curves","testssl.sh/81.169.166.184","443","OK","prime256v1 secp384r1 secp521r1 X25519 X448","","" "DH_groups","testssl.sh/81.169.166.184","443","OK","Unknown DH group (2048 bits)","","" -"FS_TLS12_sig_algs","testssl.sh/81.169.166.184","443","INFO","RSA-PSS+SHA256 RSA-PSS+SHA384 RSA-PSS+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224","","" -"FS_TLS13_sig_algs","testssl.sh/81.169.166.184","443","INFO","RSA-PSS+SHA256 RSA-PSS+SHA384 RSA-PSS+SHA512","","" +"FS_TLS12_sig_algs","testssl.sh/81.169.166.184","443","INFO","RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512 RSA+SHA256 RSA+SHA384 RSA+SHA512 RSA+SHA224","","" +"FS_TLS13_sig_algs","testssl.sh/81.169.166.184","443","INFO","RSA-PSS-RSAE+SHA256 RSA-PSS-RSAE+SHA384 RSA-PSS-RSAE+SHA512","","" "HTTP_status_code","testssl.sh/81.169.166.184","443","INFO","200 OK ('/')","","" "HTTP_clock_skew","testssl.sh/81.169.166.184","443","INFO","0 seconds from localtime","","" "HTTP_headerTime","testssl.sh/81.169.166.184","443","INFO","1654006271","",""