mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 17:20:57 +01:00
Merge branch '2.9dev' into negotiated_cipher
Conflicts: testssl.sh
This commit is contained in:
commit
e3c94d2a92
@ -28,7 +28,11 @@ get a warning for the other certificate stores while scanning internal net-
|
|||||||
works. Second catch: If you scan other hosts in the internet the check against
|
works. Second catch: If you scan other hosts in the internet the check against
|
||||||
your Root CA will fail, too. This will be fixed in the future, see #230.
|
your Root CA will fail, too. This will be fixed in the future, see #230.
|
||||||
|
|
||||||
#### Mapping files
|
#### Further needed files
|
||||||
The file ``mapping-rfc.txt`` uses the hexcode to map OpenSSL names
|
* ``mapping-rfc.txt`` uses the hexcode to map OpenSSL against the RFC/IANA names.
|
||||||
against the RFC/IANA names. ``curves.txt`` is not being used yet, it
|
|
||||||
is supposed to map EC curve names properly.
|
* ``ca_hashes.txt`` is used for HPKP test in order to have a fast comparison with known CAs
|
||||||
|
|
||||||
|
* ``common-primes.txt`` is used for LOGJAM
|
||||||
|
|
||||||
|
* ``client_simulation.txt`` as the name indicates it's the data for the client simulation
|
||||||
|
777
etc/client_simulation.txt
Normal file
777
etc/client_simulation.txt
Normal file
@ -0,0 +1,777 @@
|
|||||||
|
|
||||||
|
# Most clients are taken from Qualys SSL Labs --- From: https://api.dev.ssllabs.com/api/v3/getClients
|
||||||
|
|
||||||
|
names+=("Android 2.3.7 ")
|
||||||
|
short+=("android_237")
|
||||||
|
ciphers+=("RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160301004b010000470301531f3de6b36804738bbb94a6ecd570a544789c3bb0a6ef8b9d702f997d928d4b00002000040005002f00330032000a00160013000900150012000300080014001100ff0100")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Android 4.1.1 ")
|
||||||
|
short+=("android_411")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100d7010000d30301531f3f6dd9eb5f6b3586c628cc2cdc82cdb259b1a096237ba4df30dbbc0f26fb000044c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc0020005000400ff020100006500000014001200000f7777772e73736c6c6162732e636f6d000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000f00010133740000")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Android 4.2.2 ")
|
||||||
|
short+=("android_422")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100d1010000cd0301531f40a89e11d5681f563f3dad094375227035d4e9d2c1654d7d3954e3254558000044c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc0020005000400ff0100006000000014001200000f7777772e73736c6c6162732e636f6d000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f001000110023000033740000")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Android 4.4.2 ")
|
||||||
|
short+=("android_442")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100d1010000cd0303531f4317998fb70d57feded18c14433a1b665f963f7e3b1b045b6cc3d61bf21300004cc030c02cc014c00a00a3009f006b006a00390038009d003d0035c012c00800160013000ac02fc02bc027c023c013c00900a2009e0067004000330032009c003c002fc011c0070005000400ff0100005800000014001200000f7777772e73736c6c6162732e636f6d000b00020100000a0008000600190018001700230000000d00220020060106020603050105020503040104020403030103020303020102020203010133740000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Android 5.0.0 ")
|
||||||
|
short+=("android_500")
|
||||||
|
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-GCM-SHA256:AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100bd010000b9030354c21737f3d9d10696c91debf12415f9c45833a83cfbbd4c60c9b91407d2316b000038cc14cc13cc15c014c00a003900380035c012c00800160013000ac02fc02bc013c00900a2009e00330032009c002fc011c0070005000400ff0100005800000014001200000f6465762e73736c6c6162732e636f6d00230000000d00220020060106020603050105020503040104020403030103020303020102020203010133740000000b00020100000a00080006001900180017")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Android 6.0 ")
|
||||||
|
short+=("android_60")
|
||||||
|
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100e2010000de030352f98411589cd6cd9dd403e70b1685b464a1d8c7495214d2c29b557738599f3420706946c402bf34b6356bfa5979bc3c65e1979a8fc632c201e976fef1ec3d55870022cc14cc13cc15c02bc02f009ec00ac0140039c009c0130033009c0035002f000a00ff0100007300000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d001600140601060305010503040104030301030302010203000500050100000000337400000012000000100014001208687474702f312e3108737064792f332e31000b00020100000a0006000400170018")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Android 7.0 ")
|
||||||
|
short+=("android_70")
|
||||||
|
ciphers+=("ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100e4010000e0030366285fd01ec41e6b9c032a373d4607a6349c509d8a1b142cecc6820364d6eab42024c69f1c56165106d550c4c72135be8c3fe21f72843d19e663602d6476babc090022cca9cca8cc14cc13c02bc02fc02cc030c009c013c00ac014009c009d002f0035000a01000075ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d00120010060106030501050304010403020102030005000501000000000012000000100017001502683208737064792f332e3108687474702f312e31000b00020100000a00080006001d00170018")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Baidu Jan 2015 ")
|
||||||
|
short+=("baidu_jan_2015")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-MD5:RC4-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100a30100009f030154c1a814c755540538a93b25e7824623d0ee9fc294ee752869cf76819edb3aa200004800ffc00ac0140088008700390038c00fc00500840035c007c009c011c0130045004400330032c00cc00ec002c0040096004100040005002fc008c01200160013c00dc003feff000a0100002e00000014001200000f6465762e73736c6c6162732e636f6d000a00080006001700180019000b0002010000230000")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("BingPreview Jan 2015 ")
|
||||||
|
short+=("bingpreview_jan_2015")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030101510100014d030354c13b79c1ca7169ae70c45d43311f9290d8ac1e326dfc36ff0aa99ea85406d50000a0c030c02cc028c024c014c00ac022c02100a3009f006b006a0039003800880087c032c02ec02ac026c00fc005009d003d00350084c012c008c01cc01b00160013c00dc003000ac02fc02bc027c023c013c009c01fc01e00a2009e0067004000330032009a009900450044c031c02dc029c025c00ec004009c003c002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff020100008300000014001200000f6465762e73736c6c6162732e636f6d000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011000d002200200601060206030501050205030401040204030301030203030201020202030101000f000101")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("Chrome 48 OS X ")
|
||||||
|
short+=("chrome_48_osx")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100ca010000c603037ac82baca9c0d08b1a01ecfb0bf5824f195153e0c6b4b48f5bf4621846376e8a00001ec02bc02f009ecc14cc13c00ac0140039c009c0130033009c0035002f000a0100007fff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d001600140601060305010503040104030301030302010203000500050100000000337400000012000000100017001502683208737064792f332e3108687474702f312e3175500000000b00020100000a0006000400170018")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(8192)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("Chrome 51 Win 7 ")
|
||||||
|
short+=("chrome_51_win7")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100bf010000bb030355079db3b53ce2a6d3335902717ae6a84cc4b855d0b68775ac287f38da343c55000022c02bc02fc02cc030cca9cca8cc14cc13c009c013c00ac014009c009d002f0035000a01000070ff0100010000000014001200000f6465762e73736c6c6162732e636f6d0017000000230000000d0012001006010603050105030401040302010203000500050100000000001200000010000e000c02683208687474702f312e3175500000000b00020100000a00080006001d00170018")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Edge 13 Win 10 ")
|
||||||
|
short+=("edge_13_win10")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300d7010000d30303576c36d45fdcc8fdee4c62a86ccb3c116eaf6ba23d0726162972e953b993a96a000038c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130100007200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d00140012040105010201040305030203020206010603002300000010000e000c02683208687474702f312e310017000055000006000100020002ff01000100")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Edge 13 Win Phone 10 ")
|
||||||
|
short+=("edge_13_winphone10")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300d3010000cf0303565ee836e62e7b9b734f4dca5f3f1ad62dc4e5f87bdf6c90f325b6a2e0012705000034c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a006a00400038003200130100007200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d00140012040105010201040305030203020206010603002300000010000e000c02683208687474702f312e310017000055000006000100020002ff01000100")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Firefox 45 Win 7 ")
|
||||||
|
short+=("firefox_45_win7")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100d8010000d40303c45b58b30c163444fbca2e8a1832e5a36999712fa83d7ff6b6c13d5a22181e7f205fd10ae0807128c0c0ede2914316ac6b777e529c1f0e89c849cdf0cbde26efa00016c02bc02fc00ac009c013c01400330039002f0035000a0100007500000014001200000f6465762e73736c6c6162732e636f6dff01000100000a00080006001700180019000b00020100002300003374000000100017001502683208737064792f332e3108687474702f312e31000500050100000000000d001600140401050106010201040305030603020304020202")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1023)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("Firefox 49 Win 7 ")
|
||||||
|
short+=("firefox_49_win7")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100e6010000e20303129162aca1f789ad3a792eaa766ba345770bbf2eb466e80bb51c3da72a29f95420b4419268602b765f6f206b948f9e6561cdd1f43606a44dc6fb2448862e26fc50001ec02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a0100007b00000014001200000f6465762e73736c6c6162732e636f6d00170000ff01000100000a00080006001700180019000b00020100002300003374000000100017001502683208737064792f332e3108687474702f312e31000500050100000000000d0018001604010501060102010403050306030203050204020202")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1023)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Firefox 49 XP SP3 ")
|
||||||
|
short+=("firefox_49_xpsp3")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100c6010000c20303655bcc0742ffca05df48e52838a668733165388e09df153a44cbdc7c39c0bb4300001ec02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a0100007b00000014001200000f6465762e73736c6c6162732e636f6d00170000ff01000100000a00080006001700180019000b00020100002300003374000000100017001502683208737064792f332e3108687474702f312e31000500050100000000000d0018001604010501060102010403050306030203050204020202")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1023)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Googlebot Feb 2015 ")
|
||||||
|
short+=("googlebot_feb_2015")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:RC4-SHA:RC4-MD5:AES128-SHA:DES-CBC3-SHA:AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100db010000d70303d9c72e000f6a7f0a156840bd4aa9fd0612df4aeb69a1a1c6452c5f1f4d0ba6b000002ac02bc02fc007c011c009c013c00ac014009c00050004002f000a003500330032001600130039003800ff0100008400000014001200000f6465762e73736c6c6162732e636f6d00230000000d0020001e06010602060305010502050304010402040303010302030302010202020333740000000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("IE 11 Win 10 ")
|
||||||
|
short+=("ie_11_win10")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300d7010000d30303576c3861086a497dbb46489b67a88ac2e541c4863147fd09634bd0c630b73e92000038c02cc02bc030c02f009f009ec024c023c028c027c00ac009c014c01300390033009d009c003d003c0035002f000a006a00400038003200130100007200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d00140012040105010201040305030203020206010603002300000010000e000c02683208687474702f312e310017000055000006000100020002ff01000100")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 11 Win 7 ")
|
||||||
|
short+=("ie_11_win7")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300b7010000b30303576b1fad9e727d57d0e40cae894f1f8f4608151d627affc2f1e20c2df7fefe5d000038c028c027c014c013009f009e00390033009d009c003d003c0035002fc02cc02bc024c023c00ac009006a004000380032000a0013000500040100005200000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d0014001206010603040105010201040305030203020200170000ff01000100")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 11 Win 8.1 ")
|
||||||
|
short+=("ie_11_win81")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300d1010000cd0303576c36e03bf1afe8d81100c68adc72bd0c678a5162275a5569651875123a7bec000034c028c027c014c013009f009e00390033009d009c003d003c0035002fc02cc02bc024c023c00ac009006a004000380032000a00130100007000000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d001400120401050106010201040305030603020302020023000000100012001006737064792f3308687474702f312e313374000000170000ff01000100")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(1024)
|
||||||
|
maxDhBits+=(4096)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(16384)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 11 Win Phone 8.1 ")
|
||||||
|
short+=("ie_11_winphone81")
|
||||||
|
ciphers+=("AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300bb010000b703035363d297ad92a8fe276a4e5b9395d593e96fff9c3df0987e5dfbab544ce05832000026003c002f003d0035000ac027c013c014c02bc023c02cc024c009c00a00400032006a0038001301000068ff0100010000000014001200000f7777772e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d0010000e04010501020104030503020302020023000000100012001006737064792f3308687474702f312e3133740000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 11 Win Phone 8.1 Update ")
|
||||||
|
short+=("ie_11_winphone81update")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300c5010000c103035537a79a55362d42c3b3308fea91e85c5656021153d0a4baf03e7fef6e315c72000030c028c027c014c013009f009e009d009c003d003c0035002fc02cc02bc024c023c00ac009006a004000380032000a001301000068ff0100010000000014001200000f6465762e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100000d0010000e04010501020104030503020302020023000000100012001006737064792f3308687474702f312e3133740000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 6 XP ")
|
||||||
|
short+=("ie_6_xp")
|
||||||
|
ciphers+=("RC4-MD5:RC4-SHA:DES-CBC3-SHA:RC4-MD5:DES-CBC3-MD5:RC2-CBC-MD5:DES-CBC-SHA:DES-CBC-MD5:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("804f01030000360000001000000400000500000a0100800700c00300800000090600400000640000620000030000060200800400800000130000120000630000ffd9f61eed63ba552d0bca94dc016081a3")
|
||||||
|
protos+=("-ssl3 -ssl2")
|
||||||
|
lowest_protocol+=("0x0200")
|
||||||
|
highest_protocol+=("0x0300")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 7 Vista ")
|
||||||
|
short+=("ie_7_vista")
|
||||||
|
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160301007d01000079030151fa62ab452795b7003c5f93ab677dbf57dd62bfa39e0ffaaeabe45b06552452000018002f00350005000ac009c00ac013c01400320038001300040100003800000014001200000f7777772e73736c6c6162732e636f6d000500050100000000000a00080006001700180019000b00020100ff01000100")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 8 Win 7 ")
|
||||||
|
short+=("ie_8_win7")
|
||||||
|
ciphers+=("AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES128-SHA:DHE-DSS-AES256-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160301007b01000077030151facea9bfdefb38bc40987322ebdc092498fc6e64e491683abd95179ea8405c000018002f00350005000ac013c014c009c00a003200380013000401000036ff0100010000000014001200000f7777772e73736c6c6162732e636f6d000500050100000000000a0006000400170018000b00020100")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("IE 8 XP ")
|
||||||
|
short+=("ie_8_xp")
|
||||||
|
ciphers+=("RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("1603010048010000440301550bf46d2cff1997bd24885e963ba61faa8be6c28835c1f9bf74c1675cd3cf8500001600040005000a0009006400620003000600130012006301000005ff01000100")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Java 6u45 ")
|
||||||
|
short+=("java_6u45")
|
||||||
|
ciphers+=("RC4-MD5:RC4-MD5:RC4-SHA:AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DES-CBC3-SHA:DES-CBC3-MD5:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC-SHA:DES-CBC-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
sni+=("")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("8065010301003c0000002000000401008000000500002f00003300003200000a0700c00000160000130000090600400000150000120000030200800000080000140000110000ff52173357f48ce6722f974dbb429b9279208d1cf5b9088947c9ba16d9ecbc0fa6")
|
||||||
|
protos+=("-tls1 -ssl3 -ssl2")
|
||||||
|
lowest_protocol+=("0x0200")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("ANY")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(1024)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Java 7u25 ")
|
||||||
|
short+=("java_7u25")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100ad010000a9030152178334e8b855253e50e4623e475b6941c18cc312de6395a98e1cd4fd6735e700002ac009c013002fc004c00e00330032c007c0110005c002c00cc008c012000ac003c00d00160013000400ff01000056000a0034003200170001000300130015000600070009000a0018000b000c0019000d000e000f001000110002001200040005001400080016000b0002010000000014001200000f7777772e73736c6c6162732e636f6d")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("ANY")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(1024)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Java 8b132 ")
|
||||||
|
short+=("java_8b132")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300e7010000e303035319a4a6c3909b598b7f5c0923999b7fa67cf6e79f73a016ea39a221c6989eeb000046c023c027003cc025c02900670040c009c013002fc004c00e00330032c007c0110005c002c00cc02bc02f009cc02dc031009e00a2c008c012000ac003c00d00160013000400ff01000074000a0034003200170001000300130015000600070009000a0018000b000c0019000d000e000f001000110002001200040005001400080016000b00020100000d001a001806030601050305010403040103030301020302010202010100000014001200000f7777772e73736c6c6162732e636f6d")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("ANY")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(2048)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("OpenSSL 1.0.1l ")
|
||||||
|
short+=("openssl_101l")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160301014f0100014b030332b230e5dd8c5573c219a243f397e31f407c7a93b60a26e7c3d5cca06a566fe1000094c030c02cc028c024c014c00a00a3009f006b006a0039003800880087c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a2009e0067004000330032009a009900450044c031c02dc029c025c00ec004009c003c002f009600410007c011c007c00cc00200050004c012c00800160013c00dc003000a0015001200090014001100080006000300ff0100008e00000014001200000f6465762e73736c6c6162732e636f6d000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000d0020001e060106020603050105020503040104020403030103020303020102020203000500050100000000000f000101")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("ANY")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("OpenSSL 1.0.2e ")
|
||||||
|
short+=("openssl_102e")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DH-DSS-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DH-RSA-CAMELLIA256-SHA:DH-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DH-DSS-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DH-RSA-SEED-SHA:DH-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DH-RSA-CAMELLIA128-SHA:DH-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DH-RSA-DES-CBC-SHA:DH-DSS-DES-CBC-SHA:DES-CBC-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030101590100015503032a9db79b37d9364a9a685dc25bfec88c21ef88c206a20b9801108c67607e79800000b6c030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f009600410007c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00150012000f000c000900ff0100007600000014001200000f6465762e73736c6c6162732e636f6d000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a00230000000d0020001e060106020603050105020503040104020403030103020303020102020203000500050100000000000f000101")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("ANY")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Opera 17 Win 7 ")
|
||||||
|
short+=("opera_17_win7")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:AES256-SHA:AES256-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA:RC4-SHA:RC4-MD5:AES128-SHA:AES128-SHA256:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100d5010000d10303526793c01b8d4859d838c8658f07f895a2f35ba16fb786644db811b856197e9b000028c00ac0140039006b0035003dc007c009c023c011c013c02700330067003200050004002f003c000a0100008000000014001200000f7777772e73736c6c6162732e636f6dff01000100000a00080006001700180019000b00020100002300003374000000100022002006737064792f3206737064792f3308737064792f332e3108687474702f312e31754f0000000500050100000000000d0012001004010501020104030503020304020202")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(4096)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("Safari 5.1.9 OS X 10.6.8 ")
|
||||||
|
short+=("safari_519_osx1068")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP-RC4-MD5:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC3-SHA:EDH-DSS-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160301009d01000099030151d15dc2887b1852fd4291e36c3f4e8a35266e15dd6354779fbf5438b59b42da000046c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110100002a00000014001200000f7777772e73736c6c6162732e636f6d000a00080006001700180019000b00020100")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(4096)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Safari 6.0.4 OS X 10.8.4 ")
|
||||||
|
short+=("safari_604_osx1084")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100a9010000a5030151fa327c6576dadde1e8a89d4d45bdc1d0c107b8cbe998337e02ca419a0bcb30204dd1c85d9fbc1607b27a35ec9dfd1dae2c589483843a73999c9de205748633b1003200ffc00ac009c007c008c014c013c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0033003900160100002a00000014001200000f7777772e73736c6c6162732e636f6d000a00080006001700180019000b00020100")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(4096)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Safari 7 OS X 10.9 ")
|
||||||
|
short+=("safari_7_osx109")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES128-SHA:RC4-SHA:RC4-MD5:AES256-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EDH-RSA-DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100d1010000cd030351fa3664edce86d82606540539ccd388418b1a5cb8cfda5e15349c635d4b028b203bf83c63e3da6777e407300b5d657e429f11cd7d857977e4390fda365b8d4664004a00ffc024c023c00ac009c007c008c028c027c014c013c011c012c026c025c02ac029c005c004c002c003c00fc00ec00cc00d003d003c002f000500040035000a0067006b0033003900160100003a00000014001200000f7777772e73736c6c6162732e636f6d000a00080006001700180019000b00020100000d000c000a05010401020104030203")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(4096)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Safari 8 OS X 10.10 ")
|
||||||
|
short+=("safari_8_osx1010")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDH-ECDSA-AES256-SHA384:ECDH-ECDSA-AES128-SHA256:ECDH-ECDSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-DES-CBC3-SHA:ECDH-RSA-AES256-SHA384:ECDH-RSA-AES128-SHA256:ECDH-RSA-AES256-SHA:ECDH-RSA-AES128-SHA:ECDH-RSA-DES-CBC3-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100b5010000b1030354c20a44e0d7681f3d55d7e9a764b67e6ffa6722c17b21e15bc2c9c98892460a00004a00ffc024c023c00ac009c008c028c027c014c013c012c026c025c005c004c003c02ac029c00fc00ec00d006b0067003900330016003d003c0035002f000ac007c011c002c00c000500040100003e00000014001200000f6465762e73736c6c6162732e636f6d000a00080006001700180019000b00020100000d000c000a0501040102010403020333740000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(768)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(8192)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Safari 9 iOS 9 ")
|
||||||
|
short+=("safari_9_ios9")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100e2010000de030355fb38fdc94c6c1ff6ee066f0e69579f40a83ce5454787e8834b60fd8c31e5ac00003400ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000ac007c011000500040100008100000014001200000f6465762e73736c6c6162732e636f6d000a00080006001700180019000b00020100000d000e000c0501040102010503040302033374000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e3100050005010000000000120000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(768)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(8192)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Safari 9 OS X 10.11 ")
|
||||||
|
short+=("safari_9_osx1011")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:RC4-SHA:RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100e2010000de030355def1c4d1f6a12227389012da236581104b0bfa8b8a5bc849372531349dccc600003400ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000ac007c011000500040100008100000014001200000f6465762e73736c6c6162732e636f6d000a00080006001700180019000b00020100000d000e000c0501040102010503040302033374000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e3100050005010000000000120000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(768)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(8192)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Safari 10 OS X 10.12 ")
|
||||||
|
short+=("safari_10_osx1012")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100e2010000de030357fde32ec4b7eb1c967e535ba93d9129ffd6a35fc5d6b14f785205e2a0c7e35600002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a0100008900000014001200000f6465762e73736c6c6162732e636f6d000a00080006001700180019000b00020100000d00120010040102010501060104030203050306033374000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e310005000501000000000012000000170000")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1")
|
||||||
|
lowest_protocol+=("0x0301")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(768)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(8192)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Apple ATS 9 iOS 9 ")
|
||||||
|
short+=("apple_ats_9_ios9")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030300c6010000c2030355def146b7ed606006d8d54a3ece6c9c1b5070b51ce0e81d354178f0311d2e0100001800ffc02cc02bc024c00ac023c009c030c02fc028c027c0130100008100000014001200000f6465762e73736c6c6162732e636f6d000a00080006001700180019000b00020100000d000e000c0501040102010503040302033374000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e3100050005010000000000120000")
|
||||||
|
protos+=("-tls1_2")
|
||||||
|
lowest_protocol+=("0x0303")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP")
|
||||||
|
minDhBits+=(768)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(2048)
|
||||||
|
maxRsaBits+=(8192)
|
||||||
|
minEcdsaBits+=(256)
|
||||||
|
requiresSha2+=(true)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Tor 17.0.9 Win 7 ")
|
||||||
|
short+=("tor_1709_win7")
|
||||||
|
ciphers+=("ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:CAMELLIA256-SHA:AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-RC4-SHA:ECDH-RSA-AES128-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-AES128-SHA:SEED-SHA:CAMELLIA128-SHA:RC4-SHA:RC4-MD5:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030100a30100009f0301526795b7dd72263ca4170729d52799a927b2e8ec0e2d844bca2cd7061de7a57d00004800ffc00ac0140088008700390038c00fc00500840035c007c009c011c0130045004400330032c00cc00ec002c0040096004100050004002fc008c01200160013c00dc003feff000a0100002e00000014001200000f7777772e73736c6c6162732e636f6d000a00080006001700180019000b0002010033740000")
|
||||||
|
protos+=("-tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0301")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(true)
|
||||||
|
|
||||||
|
names+=("Yahoo Slurp Jan 2015 ")
|
||||||
|
short+=("yahoo_slurp_jan_2015")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("160301011a01000116030354c1f2e62a9427a5c66f85499abd08114e2f02822304c68a85ebf2b54182bca5000094c030c02cc028c024c014c00a00a3009f006b006a0039003800880087c032c02ec02ac026c00fc005009d003d00350084c012c00800160013c00dc003000ac02fc02bc027c023c013c00900a2009e0067004000330032009a009900450044c031c02dc029c025c00ec004009c003c002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff0100005900000014001200000f6465762e73736c6c6162732e636f6d000b000403000102000a000600040018001700230000000d002200200601060206030501050205030401040204030301030203030201020202030101000f000101")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
||||||
|
names+=("YandexBot Jan 2015 ")
|
||||||
|
short+=("yandexbot_jan_2015")
|
||||||
|
ciphers+=("ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:SRP-DSS-AES-256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:SRP-DSS-3DES-EDE-CBC-SHA:SRP-RSA-3DES-EDE-CBC-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:SRP-DSS-AES-128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5")
|
||||||
|
sni+=("$SNI")
|
||||||
|
warning+=("")
|
||||||
|
handshakebytes+=("16030101400100013c03030732cb0b19a74de19e2e6047368eea606cabff2fa27be340c8dee38625eedccd00008ec030c02cc028c024c014c00ac022c02100a3009f006b006a00390038c032c02ec02ac026c00fc005009d003d0035c012c008c01cc01b00160013c00dc003000ac02fc02bc027c023c013c009c01fc01e00a2009e0067004000330032c031c02dc029c025c00ec004009c003c002f0007c011c007c00cc002000500040015001200090014001100080006000300ff0100008500000014001200000f6465762e73736c6c6162732e636f6d000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f0010001100230000000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101")
|
||||||
|
protos+=("-tls1_2 -tls1_1 -tls1 -ssl3")
|
||||||
|
lowest_protocol+=("0x0300")
|
||||||
|
highest_protocol+=("0x0303")
|
||||||
|
service+=("HTTP,FTP")
|
||||||
|
minDhBits+=(-1)
|
||||||
|
maxDhBits+=(-1)
|
||||||
|
minRsaBits+=(-1)
|
||||||
|
maxRsaBits+=(-1)
|
||||||
|
minEcdsaBits+=(-1)
|
||||||
|
requiresSha2+=(false)
|
||||||
|
current+=(false)
|
||||||
|
|
89
testssl.sh
89
testssl.sh
@ -227,8 +227,7 @@ HAS_FALLBACK_SCSV=false
|
|||||||
HAS_PROXY=false
|
HAS_PROXY=false
|
||||||
HAS_XMPP=false
|
HAS_XMPP=false
|
||||||
HAS_POSTGRES=false
|
HAS_POSTGRES=false
|
||||||
ADD_RFC_STR="rfc" # display RFC ciphernames
|
DISPLAY_CIPHERNAMES="openssl" # display OpenSSL ciphername (but both OpenSSL and RFC ciphernames in wide mode)
|
||||||
SHOW_RFC="" # display RFC ciphernames instead of OpenSSL ciphernames
|
|
||||||
PORT=443 # unless otherwise auto-determined, see below
|
PORT=443 # unless otherwise auto-determined, see below
|
||||||
NODE=""
|
NODE=""
|
||||||
NODEIP=""
|
NODEIP=""
|
||||||
@ -2266,8 +2265,21 @@ show_rfc_style(){
|
|||||||
}
|
}
|
||||||
|
|
||||||
neat_header(){
|
neat_header(){
|
||||||
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${ADD_RFC_STR:+ Cipher Suite Name (RFC)}\n"
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
printf -- "%s--------------------------------------------------------------------------${ADD_RFC_STR:+---------------------------------------------------}\n"
|
printf -- "Hexcode Cipher Suite Name (RFC) KeyExch. Encryption Bits"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- " Cipher Suite Name (OpenSSL)"
|
||||||
|
outln
|
||||||
|
printf -- "%s------------------------------------------------------------------------------------------"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- "---------------------------------------"
|
||||||
|
outln
|
||||||
|
else
|
||||||
|
printf -- "Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && printf -- " Cipher Suite Name (RFC)"
|
||||||
|
outln
|
||||||
|
printf -- "%s--------------------------------------------------------------------------"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && printf -- "---------------------------------------------------"
|
||||||
|
outln
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -2292,12 +2304,18 @@ neat_list(){
|
|||||||
enc="${enc//POLY1305/}" # remove POLY1305
|
enc="${enc//POLY1305/}" # remove POLY1305
|
||||||
enc="${enc//\//}" # remove "/"
|
enc="${enc//\//}" # remove "/"
|
||||||
|
|
||||||
echo "$export" | grep -iq export && strength="$strength,exp"
|
grep -iq export <<< "$export" && strength="$strength,exp"
|
||||||
|
|
||||||
[[ -n "$ADD_RFC_STR" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && tls_cipher="$(show_rfc_style "$hexcode")"
|
||||||
|
|
||||||
if [[ "$5" == "false" ]]; then
|
if [[ "$5" == "false" ]]; then
|
||||||
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher")"
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
|
line="$(printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength")"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && line+="$(printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher")"
|
||||||
|
else
|
||||||
|
line="$(printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength")"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && line+="$(printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher")"
|
||||||
|
fi
|
||||||
pr_deemphasize "$line"
|
pr_deemphasize "$line"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
@ -2314,7 +2332,13 @@ neat_list(){
|
|||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
#echo "${#kx}" # should be always 20 / 13
|
#echo "${#kx}" # should be always 20 / 13
|
||||||
printf -- " %-7s %-33s %-10s %-12s%-8s${ADD_RFC_STR:+ %-49s}${SHOW_EACH_C:+ %-0s}" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength" "$tls_cipher"
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
|
printf -- " %-7s %-49s %-10s %-12s%-8s" "$hexcode" "$tls_cipher" "$kx" "$enc" "$strength"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "rfc-only" ]] && printf -- " %-33s${SHOW_EACH_C:+ %-0s}" "$ossl_cipher"
|
||||||
|
else
|
||||||
|
printf -- " %-7s %-33s %-10s %-12s%-8s" "$hexcode" "$ossl_cipher" "$kx" "$enc" "$strength"
|
||||||
|
[[ "$DISPLAY_CIPHERNAMES" != "openssl-only" ]] && printf -- " %-49s${SHOW_EACH_C:+ %-0s}" "$tls_cipher"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
test_just_one(){
|
test_just_one(){
|
||||||
@ -4172,10 +4196,10 @@ run_client_simulation() {
|
|||||||
fi
|
fi
|
||||||
#FiXME: awk
|
#FiXME: awk
|
||||||
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||||
if [[ -z "$SHOW_RFC" ]] && ( [[ "$cipher" == TLS_* ]] || [[ "$cipher" == SSL_* ]] ); then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && ( [[ "$cipher" == TLS_* ]] || [[ "$cipher" == SSL_* ]] ); then
|
||||||
cipher="$(rfc2openssl "$cipher")"
|
cipher="$(rfc2openssl "$cipher")"
|
||||||
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||||
elif [[ -n "$SHOW_RFC" ]] && [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then
|
elif [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ "$cipher" != TLS_* ]] && [[ "$cipher" != SSL_* ]]; then
|
||||||
cipher="$(openssl2rfc "$cipher")"
|
cipher="$(openssl2rfc "$cipher")"
|
||||||
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
[[ -z "$cipher" ]] && cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||||
fi
|
fi
|
||||||
@ -4938,7 +4962,7 @@ run_server_preference() {
|
|||||||
|
|
||||||
pr_bold " Negotiated cipher "
|
pr_bold " Negotiated cipher "
|
||||||
default_cipher_ossl=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
default_cipher_ossl=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||||
if [[ -z "$SHOW_RFC" ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||||
default_cipher="$default_cipher_ossl"
|
default_cipher="$default_cipher_ossl"
|
||||||
else
|
else
|
||||||
default_cipher="$(openssl2rfc "$default_cipher_ossl")"
|
default_cipher="$(openssl2rfc "$default_cipher_ossl")"
|
||||||
@ -4997,7 +5021,7 @@ run_server_preference() {
|
|||||||
cipher1="${TLS_CIPHER_HEXCODE[j]}"
|
cipher1="${TLS_CIPHER_HEXCODE[j]}"
|
||||||
cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")"
|
cipher1="$(tolower "x${cipher1:2:2}${cipher1:7:2}${cipher1:12:2}")"
|
||||||
if [[ "$supported_sslv2_ciphers" =~ "$cipher1" ]]; then
|
if [[ "$supported_sslv2_ciphers" =~ "$cipher1" ]]; then
|
||||||
if ( [[ -z "$SHOW_RFC" ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then
|
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${TLS_CIPHER_OSSL_NAME[j]}" != "-" ]] ) || [[ "${TLS_CIPHER_RFC_NAME[j]}" == "-" ]]; then
|
||||||
cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}"
|
cipher[i]="${TLS_CIPHER_OSSL_NAME[j]}"
|
||||||
else
|
else
|
||||||
cipher[i]="${TLS_CIPHER_RFC_NAME[j]}"
|
cipher[i]="${TLS_CIPHER_RFC_NAME[j]}"
|
||||||
@ -5022,7 +5046,7 @@ run_server_preference() {
|
|||||||
proto[i]="SSLv3"
|
proto[i]="SSLv3"
|
||||||
cipher[i]=""
|
cipher[i]=""
|
||||||
cipher1=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
cipher1=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
if [[ -z "$SHOW_RFC" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||||
cipher[i]="$(rfc2openssl "$cipher1")"
|
cipher[i]="$(rfc2openssl "$cipher1")"
|
||||||
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1"
|
[[ -z "${cipher[i]}" ]] && cipher[i]="$cipher1"
|
||||||
fi
|
fi
|
||||||
@ -5039,7 +5063,7 @@ run_server_preference() {
|
|||||||
proto[i]=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
proto[i]=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
||||||
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||||
[[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack!
|
[[ ${cipher[i]} == "0000" ]] && cipher[i]="" # Hack!
|
||||||
if [[ -n "$SHOW_RFC" ]] && [[ -n "${cipher[i]}" ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${cipher[i]}" ]]; then
|
||||||
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
||||||
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||||
fi
|
fi
|
||||||
@ -5063,7 +5087,7 @@ run_server_preference() {
|
|||||||
cipher[i]=""
|
cipher[i]=""
|
||||||
else
|
else
|
||||||
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||||
if [[ -n "$SHOW_RFC" ]] && [[ -n "${cipher[i]}" ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]] && [[ -n "${cipher[i]}" ]]; then
|
||||||
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
cipher[i]="$(openssl2rfc "${cipher[i]}")"
|
||||||
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
[[ -z "${cipher[i]}" ]] && cipher[i]=$(grep -aw "Cipher" $TMPFILE | egrep -avw "New|is" | sed -e 's/^.*Cipher.*://' -e 's/ //g')
|
||||||
fi
|
fi
|
||||||
@ -5078,7 +5102,7 @@ run_server_preference() {
|
|||||||
if [[ -n "${cipher[i]}" ]]; then # cipher not empty
|
if [[ -n "${cipher[i]}" ]]; then # cipher not empty
|
||||||
if [[ -z "$prev_cipher" ]] || [[ "$prev_cipher" != "${cipher[i]}" ]]; then
|
if [[ -z "$prev_cipher" ]] || [[ "$prev_cipher" != "${cipher[i]}" ]]; then
|
||||||
[[ -n "$prev_cipher" ]] && outln
|
[[ -n "$prev_cipher" ]] && outln
|
||||||
if [[ -z "$SHOW_RFC" ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]]; then
|
||||||
printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
printf -- " %-30s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
||||||
else
|
else
|
||||||
printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
printf -- " %-51s %s" "${cipher[i]}:" "${proto[i]}" # print out both
|
||||||
@ -5341,14 +5365,14 @@ cipher_pref_check() {
|
|||||||
for (( i=0; i < nr_ciphers; i++ )); do
|
for (( i=0; i < nr_ciphers; i++ )); do
|
||||||
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
[[ "$cipher" == "${rfc_ciph[i]}" ]] && ciphers_found2[i]=true && break
|
||||||
done
|
done
|
||||||
if [[ -z "$SHOW_RFC" ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ $TLS_NR_CIPHERS -ne 0 ]]; then
|
||||||
cipher="$(rfc2openssl "$cipher")"
|
cipher="$(rfc2openssl "$cipher")"
|
||||||
# If there is no OpenSSL name for the cipher, then use the RFC name
|
# If there is no OpenSSL name for the cipher, then use the RFC name
|
||||||
[[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
[[ -z "$cipher" ]] && cipher=$(awk '/Cipher *:/ { print $3 }' "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt")
|
||||||
fi
|
fi
|
||||||
order+="$cipher "
|
order+="$cipher "
|
||||||
done
|
done
|
||||||
elif [[ -n "$order" ]] && [[ -n "$SHOW_RFC" ]]; then
|
elif [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
rfc_order=""
|
rfc_order=""
|
||||||
while read -d " " cipher; do
|
while read -d " " cipher; do
|
||||||
rfc_ciph="$(openssl2rfc "$cipher")"
|
rfc_ciph="$(openssl2rfc "$cipher")"
|
||||||
@ -5390,7 +5414,7 @@ cipher_pref_check() {
|
|||||||
order+="$cipher "
|
order+="$cipher "
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
if [[ -n "$order" ]] && [[ -n "$SHOW_RFC" ]]; then
|
if [[ -n "$order" ]] && [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
rfc_order=""
|
rfc_order=""
|
||||||
while read -d " " cipher; do
|
while read -d " " cipher; do
|
||||||
rfc_ciph="$(openssl2rfc "$cipher")"
|
rfc_ciph="$(openssl2rfc "$cipher")"
|
||||||
@ -6932,7 +6956,7 @@ run_pfs() {
|
|||||||
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
for (( i=0; i < nr_supported_ciphers; i++ )); do
|
||||||
! "${ciphers_found[i]}" && ! "$SHOW_EACH_C" && continue
|
! "${ciphers_found[i]}" && ! "$SHOW_EACH_C" && continue
|
||||||
if "${ciphers_found[i]}"; then
|
if "${ciphers_found[i]}"; then
|
||||||
if ( [[ -z "$SHOW_RFC" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||||
pfs_cipher="${ciph[i]}"
|
pfs_cipher="${ciph[i]}"
|
||||||
else
|
else
|
||||||
pfs_cipher="${rfc_ciph[i]}"
|
pfs_cipher="${rfc_ciph[i]}"
|
||||||
@ -10524,7 +10548,7 @@ run_beast(){
|
|||||||
[[ "$cbc_cipher" == "${ciph[i]}" ]] && break
|
[[ "$cbc_cipher" == "${ciph[i]}" ]] && break
|
||||||
done
|
done
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if [[ -z "$SHOW_RFC" ]] || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||||
detected_cbc_ciphers+="${ciph[i]} "
|
detected_cbc_ciphers+="${ciph[i]} "
|
||||||
else
|
else
|
||||||
detected_cbc_ciphers+="${rfc_ciph[i]} "
|
detected_cbc_ciphers+="${rfc_ciph[i]} "
|
||||||
@ -10555,7 +10579,7 @@ run_beast(){
|
|||||||
[[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break
|
[[ "$cbc_cipher" == "${rfc_ciph[i]}" ]] && break
|
||||||
done
|
done
|
||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if ( [[ -z "$SHOW_RFC" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||||
detected_cbc_ciphers+=" ${ciph[i]}"
|
detected_cbc_ciphers+=" ${ciph[i]}"
|
||||||
else
|
else
|
||||||
detected_cbc_ciphers+=" ${rfc_ciph[i]}"
|
detected_cbc_ciphers+=" ${rfc_ciph[i]}"
|
||||||
@ -10933,7 +10957,7 @@ run_rc4() {
|
|||||||
outln "${sigalg[i]}"
|
outln "${sigalg[i]}"
|
||||||
fi
|
fi
|
||||||
if "${ciphers_found[i]}"; then
|
if "${ciphers_found[i]}"; then
|
||||||
if ( [[ -z "$SHOW_RFC" ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
if ( [[ "$DISPLAY_CIPHERNAMES" =~ openssl ]] && [[ "${ciph[i]}" != "-" ]] ) || [[ "${rfc_ciph[i]}" == "-" ]]; then
|
||||||
rc4_detected+="${ciph[i]} "
|
rc4_detected+="${ciph[i]} "
|
||||||
else
|
else
|
||||||
rc4_detected+="${rfc_ciph[i]} "
|
rc4_detected+="${rfc_ciph[i]} "
|
||||||
@ -11028,8 +11052,7 @@ get_install_dir() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]]; then
|
if [[ ! -r "$CIPHERS_BY_STRENGTH_FILE" ]]; then
|
||||||
unset ADD_RFC_STR
|
DISPLAY_CIPHERNAMES="no-rfc"
|
||||||
unset SHOW_RFC
|
|
||||||
debugme echo "$CIPHERS_BY_STRENGTH_FILE"
|
debugme echo "$CIPHERS_BY_STRENGTH_FILE"
|
||||||
pr_warningln "\nATTENTION: No cipher mapping file found!"
|
pr_warningln "\nATTENTION: No cipher mapping file found!"
|
||||||
outln "Please note from 2.9dev on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
|
outln "Please note from 2.9dev on $PROG_NAME needs files in \"\$TESTSSL_INSTALL_DIR/etc/\" to function correctly."
|
||||||
@ -11094,7 +11117,7 @@ find_openssl_binary() {
|
|||||||
OSSL_VER=$($OPENSSL version 2>/dev/null | awk -F' ' '{ print $2 }')
|
OSSL_VER=$($OPENSSL version 2>/dev/null | awk -F' ' '{ print $2 }')
|
||||||
OSSL_VER_MAJOR=$(sed 's/\..*$//' <<< "$OSSL_VER")
|
OSSL_VER_MAJOR=$(sed 's/\..*$//' <<< "$OSSL_VER")
|
||||||
OSSL_VER_MINOR=$(sed -e 's/^.\.//' <<< "$OSSL_VER" | tr -d '[a-zA-Z]-')
|
OSSL_VER_MINOR=$(sed -e 's/^.\.//' <<< "$OSSL_VER" | tr -d '[a-zA-Z]-')
|
||||||
OSSL_VER_APPENDIX=$(tr -d '0-9.' "$OSSL_VER")
|
OSSL_VER_APPENDIX=$(tr -d '0-9.' <<< "$OSSL_VER")
|
||||||
OSSL_VER_PLATFORM=$($OPENSSL version -p 2>/dev/null | sed 's/^platform: //')
|
OSSL_VER_PLATFORM=$($OPENSSL version -p 2>/dev/null | sed 's/^platform: //')
|
||||||
OSSL_BUILD_DATE=$($OPENSSL version -a 2>/dev/null | grep '^built' | sed -e 's/built on//' -e 's/: ... //' -e 's/: //' -e 's/ UTC//' -e 's/ +0000//' -e 's/.000000000//')
|
OSSL_BUILD_DATE=$($OPENSSL version -a 2>/dev/null | grep '^built' | sed -e 's/built on//' -e 's/: ... //' -e 's/: //' -e 's/ UTC//' -e 's/ +0000//' -e 's/.000000000//')
|
||||||
grep -q "not available" <<< "$OSSL_BUILD_DATE" && OSSL_BUILD_DATE=""
|
grep -q "not available" <<< "$OSSL_BUILD_DATE" && OSSL_BUILD_DATE=""
|
||||||
@ -11285,8 +11308,10 @@ output options (can also be preset via environment variables):
|
|||||||
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
|
--quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner
|
||||||
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
|
--wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name
|
||||||
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
|
--show-each for wide outputs: display all ciphers tested -- not only succeeded ones
|
||||||
--mapping <rfc|no-rfc> (rfc: display the RFC Cipher Suite name instead of the OpenSSL name;
|
--mapping <openssl| openssl: use the OpenSSL Cipher suite name as the primary name cipher suite name form (default)
|
||||||
no-rfc: don't display the RFC Cipher Suite Name)
|
rfc| rfc: use the RFC Cipher suite name as the primary name cipher suite name form
|
||||||
|
no-openssl| no-openssl: don't display the OpenSSL Cipher Suite Name, display RFC names only
|
||||||
|
no-rfc> no-rfc: don't display the RFC Cipher Suite Name, display OpenSSL names only
|
||||||
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
|
--color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
|
||||||
--colorblind swap green and blue in the output
|
--colorblind swap green and blue in the output
|
||||||
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
|
--debug <0-6> 1: screen output normal but keeps debug output in /tmp/. 2-6: see "grep -A 5 '^DEBUG=' testssl.sh"
|
||||||
@ -12727,9 +12752,11 @@ parse_cmd_line() {
|
|||||||
cipher_mapping=$(parse_opt_equal_sign "$1" "$2")
|
cipher_mapping=$(parse_opt_equal_sign "$1" "$2")
|
||||||
[[ $? -eq 0 ]] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
case "$cipher_mapping" in
|
case "$cipher_mapping" in
|
||||||
no-rfc) unset ADD_RFC_STR; unset SHOW_RFC;;
|
no-openssl) DISPLAY_CIPHERNAMES="rfc-only" ;;
|
||||||
rfc) SHOW_RFC="rfc" ;;
|
no-rfc) DISPLAY_CIPHERNAMES="openssl-only" ;;
|
||||||
*) pr_magentaln "\nmapping can only be \"rfc\" or \"no-rfc\""
|
openssl) DISPLAY_CIPHERNAMES="openssl" ;;
|
||||||
|
rfc) DISPLAY_CIPHERNAMES="rfc" ;;
|
||||||
|
*) pr_warningln "\nmapping can only be \"no-openssl\", \"no-rfc\", \"openssl\" or \"rfc\""
|
||||||
help 1 ;;
|
help 1 ;;
|
||||||
esac
|
esac
|
||||||
;;
|
;;
|
||||||
|
Loading…
Reference in New Issue
Block a user