mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-20 23:49:30 +01:00
Merge pull request #461 from dcooper16/tls_sockets_and_no_SNI
Fix tls_sockets() when SNI empty
commit
caec8029f2
16
testssl.sh
16
testssl.sh
@ -5747,6 +5747,7 @@ socksend_tls_clienthello() {
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ -n "$SNI" ]]; then
|
||||
#formatted example for SNI
|
||||
#00 00 # extension server_name
|
||||
#00 1a # length = the following +2 = server_name length + 5
|
||||
@ -5761,6 +5762,7 @@ socksend_tls_clienthello() {
|
||||
len_servername_hex=$(printf "%02x\n" $len_servername)
|
||||
len_sni_listlen=$(printf "%02x\n" $((len_servername+3)))
|
||||
len_sni_ext=$(printf "%02x\n" $((len_servername+5)))
|
||||
fi
|
||||
|
||||
extension_signature_algorithms="
|
||||
00, 0d, # Type: signature_algorithms , see RFC 5246
|
||||
@ -5790,15 +5792,19 @@ socksend_tls_clienthello() {
|
||||
01, 00"
|
||||
|
||||
all_extensions="
|
||||
00, 00 # extension server_name
|
||||
$extension_heartbeat
|
||||
,$extension_session_ticket
|
||||
,$extension_next_protocol"
|
||||
|
||||
if [[ -n "$SNI" ]]; then
|
||||
all_extensions="$all_extensions
|
||||
,00, 00 # extension server_name
|
||||
,00, $len_sni_ext # length SNI EXT
|
||||
,00, $len_sni_listlen # server_name list_length
|
||||
,00 # server_name type (hostname)
|
||||
,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9
|
||||
,$servername_hexstr # server_name target
|
||||
,$extension_heartbeat
|
||||
,$extension_session_ticket
|
||||
,$extension_next_protocol"
|
||||
,$servername_hexstr" # server_name target
|
||||
fi
|
||||
|
||||
# RFC 5246 says that clients MUST NOT offer the signature algorithms
|
||||
# extension if they are offering TLS versions prior to 1.2.
|
||||
|
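Review bot: The SNI block that this change makes conditional still writes each length as a single `%02x` byte behind a hard-coded `00` high byte, and nothing enforces the "len(hostname) < FF - 9" assumption stated in the comment. If `len_servername+5` exceeds 255, `printf "%02x"` emits three hex digits and the `,00, $len_sni_ext` field no longer describes a valid extension. The resulting ClientHello would be malformed, and the server's rejection could presumably be misread as a negative scan result. Since the new `if [[ -n "$SNI" ]]` already gates this code, a bounds check belongs next to it, for example `[[ $len_servername -le 250 ]] || return 1`, with the return value adapted to the function's convention. The place where `len_servername` is computed and the rest of `socksend_tls_clienthello()` lie outside the visible hunks, so the check's exact position needs confirming there.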