Sockets for STARTTLS. Non HTTP(s) client simulations. Apple mail clients added.

In this commit clients are also tested when non-HTTP protocols are used. Each client now has a line that indicates what services the client can handle. Clients that match the current SERVICE tested or have service ANY (OpenSSL/Java) will be simulated, others will be ignored. I have removed the STARTTLS restriction from using sockets because sockets seem to handle starttls just fine. Update client SIM data has been updated to add two client we maintain ourselves: * Mail on iOS * Mail on OSX * Thunderbird on OSX
2025-09-06 03:52:54 +02:00 · 2016-06-27 11:10:52 +02:00
parent 4aba0b90bf
commit bba9905e62
3 changed files with 259 additions and 196 deletions
--- a/utils/update_client_sim_data.pl
+++ b/utils/update_client_sim_data.pl
@ -25,7 +25,7 @@ open OUT, ">client-simulation-data.sh" or die "Unable to open client-simulation-
 print OUT "#!/bin/bash

 # This file contains client handshake data used in the run_client_simulation function
-# Don't update this file by hand, but run util/parse_client_ciphers.pl instead
+# Don't update this file by hand, but run util/update_client_sim_data.pl instead

 # --- Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients ---
 ";
@ -122,9 +122,12 @@ foreach my $client ( @$ssllabs ) {
 	if ( lc($client->{name}) eq "java" || lc($client->{name}) eq "openssl" ) {
 		# Java and OpenSSL are generic clients
 		print OUT "service+=(\"ANY\")\n";		
-	} else {
-		# All others are HTTP(s) only
+	} elsif ( $shortname =~ /^apple_ats/ ) { 
+		# Apple ATS is HTTP(s) only
 		print OUT "service+=(\"HTTP\")\n";
+	} else {
+		# All others are HTTP(s)/FTP only
+		print OUT "service+=(\"HTTP,FTP\")\n";
 	}

 	# Bit size limitations
@ -145,17 +148,41 @@ foreach my $client ( @$ssllabs ) {
 print OUT 
 '# --- testssl.sh maintained clients ---
 	     
-#names+=("Mail iOS 9.3.2                ")
-#short+=("mail_ios_932")
-#ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
-#sni+=("$SNI")
-#warning+=("")
-#handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
-#protos+=("-no_ssl2 -ssl3")
-#tlsvers+=("-tls_1_2 -tls_1_1 -tls1")
-#lowest_protocol+=("0x0300")
-#highest_protocol+=("0x0304")
-#service+=("SMTP,POP,IMAP")
+names+=("Mail iOS 9.3.2                ")
+short+=("mail_ios_932")
+ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
+sni+=("$SNI")
+warning+=("")
+handshakebytes+=("16030100bb010000b703015767e6ae46f9abf3138e26a9f9880f9697bf3387f7eff709db1fa220e692d80420fb04b0979bae1664e11ef172d4dfba15af59dd200b7831992a35c73cde9efed9003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003c000000190017000014696d61702e73656374696f6e7a65726f2e6f7267000a00080006001700180019000b0002010000050005010000000000120000")
+protos+=("-no_ssl2 -ssl3")
+tlsvers+=("-tls1")
+lowest_protocol+=("0x0300")
+highest_protocol+=("0x0301")
+service+=("SMTP,POP,IMAP")
+minDhBits+=(-1)
+maxDhBits+=(-1)
+minRsaBits+=(-1)
+maxRsaBits+=(-1)
+minEcdsaBits+=(-1)
+requiresSha2+=(false)
+
+names+=("Mail OSX 10.11.15             ")
+short+=("mail_osx_101115")
+ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
+sni+=("$SNI")
+warning+=("")
+handshakebytes+=("16030100940100009003015770e928499e82df2eb7477200e2a828d9fa4109514385bd1602df44aaf2b0f400003200ffc024c023c00ac009c008c028c027c014c013c012006b0067003900330016003d003c0035002f000ac007c011000500040100003500000012001000000d3137382e3233372e33342e3932000a00080006001700180019000b0002010000050005010000000000120000")
+protos+=("-no_ssl2 -no_ssl3")
+tlsvers+=("-tls1")
+lowest_protocol+=("0x0301")
+highest_protocol+=("0x0301")
+service+=("SMTP,POP,IMAP")
+minDhBits+=(-1)
+maxDhBits+=(-1)
+minRsaBits+=(-1)
+maxRsaBits+=(-1)
+minEcdsaBits+=(-1)
+requiresSha2+=(false)
 ';

 exit;