mirror of
https://github.com/drwetter/testssl.sh.git
synced 2026-06-02 22:48:49 +02:00
Consolidated Handshakes
went through a couple of pcap files and determined ja3 + ja4 sums. - Android 15/16 are the same (previously ja3 taken instead of ja4 and wrong host. One has to use chrome !) - Edge 101/Chrome 101 are the same (will be deprated next time) - surprisingly Java 17.0.3 and 21.0.6 were the same. - Added: Ja3/ja4 for old Apple Mail and Thunderbird
This commit is contained in:
Dirk
+22
-10
@@ -310,8 +310,8 @@
|
||||
ja4+=("t13d1713h1_5b57614c22b0_352634941f3a")
|
||||
current+=(true)
|
||||
|
||||
names+=("Android 15 (native)")
|
||||
short+=("android_15")
|
||||
names+=("Android 15/16 (native)")
|
||||
short+=("android_15_16")
|
||||
ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
ch_sni+=("$SNI")
|
||||
@@ -330,8 +330,8 @@
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519MLKEM768:x25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(true)
|
||||
ja3+=("78c89591bc3fffbc6aa884cc7ebbbdb5")
|
||||
ja4+=("t13d1517h2_8daaf6152771_b6f405a00624")
|
||||
ja3+=("a04f2226447ea413dd5bf057ca4a4bdf")
|
||||
ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd")
|
||||
# careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here.
|
||||
current+=(true)
|
||||
|
||||
@@ -358,7 +358,8 @@
|
||||
ja3+=("1039cdb7642a736c706f52a335544033")
|
||||
ja4+=("t13d1516h2_8daaf6152771_d8a2da3f94cd")
|
||||
# careful! ja3 is is not unique here, probably because of GREASE. It's difficult to find to matching ja3 at all. ja4 seems more consistent here.
|
||||
current+=(true)
|
||||
current+=(false)
|
||||
# same as above, deducted from ja4 fingerprint
|
||||
|
||||
names+=("Chrome 27 Win 7")
|
||||
short+=("chrome_27_win7")
|
||||
@@ -993,7 +994,9 @@ names+=("Chrome 27 Win 7")
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(true)
|
||||
current+=(true)
|
||||
ja3+=("cd08e31494f9531f560d64c695473da9")
|
||||
ja4+=("t13d1516h2_8daaf6152771_e5627efa2ab1")
|
||||
current+=(false)
|
||||
|
||||
names+=("Chromium 137 (Win 11)")
|
||||
short+=("chromium_137_win11")
|
||||
@@ -2097,7 +2100,7 @@ names+=("Firefox 137 (Win 11)")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Edge 101 Win 10 21H2")
|
||||
names+=("Edge 101/Chrome 101 Win 10 21H2")
|
||||
short+=("edge_101_win10_21h2")
|
||||
ch_ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
|
||||
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
||||
@@ -2117,6 +2120,8 @@ names+=("Firefox 137 (Win 11)")
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1")
|
||||
requiresSha2+=(true)
|
||||
ja3+=("cd08e31494f9531f560d64c695473da9")
|
||||
ja4+=("t13d1516h2_8daaf6152771_e5627efa2ab1")
|
||||
current+=(true)
|
||||
|
||||
names+=("Edge 133 Win 11 23H2")
|
||||
@@ -3002,8 +3007,8 @@ names+=("Opera 66 (Win 10)")
|
||||
requiresSha2+=(false)
|
||||
current+=(false)
|
||||
|
||||
names+=("Java 17.0.3 (OpenJDK)")
|
||||
short+=("java_1703")
|
||||
names+=("Java 17.0.3/21.0.6 (OpenJDK)")
|
||||
short+=("java_1703_2106")
|
||||
ch_ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
|
||||
ciphersuites+=("TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256")
|
||||
ch_sni+=("$SNI")
|
||||
@@ -3021,6 +3026,8 @@ names+=("Opera 66 (Win 10)")
|
||||
minEcdsaBits+=(224)
|
||||
curves+=("x25519:secp256r1:secp384r1:secp521r1:x448:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
|
||||
requireseha2+=(true)
|
||||
ja3+=("60f3e2285bc991c380f822c6ac51f947")
|
||||
ja4+=("t13d311200_e8f1e7e78f70_6077d120928a")
|
||||
current+=(true)
|
||||
|
||||
names+=("Java 21.0.6 (OpenJDK)")
|
||||
@@ -3044,7 +3051,8 @@ names+=("Opera 66 (Win 10)")
|
||||
requiresSha2+=(true)
|
||||
ja3+=("60f3e2285bc991c380f822c6ac51f947")
|
||||
ja4+=("t13d311200_e8f1e7e78f70_6077d120928a")
|
||||
current+=(true)
|
||||
current+=(false)
|
||||
# same as above
|
||||
|
||||
names+=("go 1.17.8")
|
||||
short+=("go_1178")
|
||||
@@ -3400,6 +3408,8 @@ names+=("Opera 66 (Win 10)")
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("secp256r1:secp384r1:secp521r1")
|
||||
requiresSha2+=(false)
|
||||
ja3+=("e4d448cdfe06dc1243c1eb026c74ac9a")
|
||||
ja4+=("t12d220700_0d4ca5d4ec72_3304d8368043")
|
||||
current+=(true)
|
||||
|
||||
names+=("Thunderbird (60.6)")
|
||||
@@ -3466,6 +3476,8 @@ names+=("Opera 66 (Win 10)")
|
||||
minEcdsaBits+=(-1)
|
||||
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
|
||||
requiresSha2+=(false)
|
||||
ja3+=("490dba4384bdcf3fb9f1682374dd4afc")
|
||||
ja4+=("t13d181400_e8a523a41297_3d5424432f57")
|
||||
current+=(true)
|
||||
|
||||
names+=("Baidu Jan 2015")
|
||||
|
||||
Reference in New Issue
Block a user