Commit Graph

9 Commits

Author SHA1 Message Date
Dirk de7f7b6cab Check for OpenSSL + use unames 2018-11-12 20:46:35 +01:00
Dirk Wetter 55adbf905f
Merge pull request #1033 from dcooper16/client_sim_data_tls13
TLS 1.3 clients in update_client_sim_data.pl
2018-04-16 09:07:35 +02:00
David Cooper f0ebf0339b
update_client_sim_data.pl and GREASE ciphers
Two GREASE ciphers currently appear in https://api.dev.ssllabs.com/api/v3/getClients: 0x3A3A for Chrome 57 and 0xAAAA for Chrome 65.

update_client_sim_data.pl currently only recognizes 0x3A3A as a GREASE cipher and so prints a "FIXME" for 0xAAAA. This PR fixes the problem by adding all 16 ciphers from https://tools.ietf.org/html/draft-ietf-tls-grease-00 to update_client_sim_data.pl.
2018-04-13 17:19:27 -04:00
David Cooper 639b1af916 TLS 1.3 clients in update_client_sim_data.pl
https://api.dev.ssllabs.com/api/v3/getClients incorrectly indicates a highestProtocol of 771 (TLS 1.2) for clients that support TLS 1.3, which leads run_client_simulation() to incorrectly report "no connection" if the client would have actually connected using TLS 1.3.

This has been addressed by manually editing etc/client-simulation.txt to set the highest_protocol to 0x0304 for the clients that support TLS 1.3.

This PR modifies update_client_sim_data.pl to automatically apply the fix for clients that support TLS 1.3 in order to avoid a possible regression when etc/client-simulation.txt is updated.
2018-04-13 16:51:06 -04:00
David Cooper cd8ceae80e Add curve information to SSL native client simulations
When performing client simulations in "--ssl-native" mode, provide the client's list of supported curves to "$OPENSSL s_client" in order to make the results even more accurate.
2018-04-11 13:48:40 -04:00
David Cooper 39db50eea2 Improve SSL native client simulation
This PR improves client simulation in "--ssl-native" mode:

* It changes ${protos[i]} to list the protocols that should be disabled rather than those that should be enabled, except in the case that the client only supports one protocol.

* It sets the values for ${tlsvers[i]}, which is used in run_client_simulation(), but was not defined.

* It adds a new variable, ${ciphersuites[i]}, that lists the TLSv1.3 cipher suites supported by a client.

Client simulation still produces false results in "--ssl-native" mode, but the results are better than before.
2018-04-10 16:57:24 -04:00
Dirk 407358623e Fix, header restore, TLS13 ciphers
This fixes a bug which prevented the script from running properly. Also
the commit restores writing a correct comment header. In addition it
adds TLS 1.3 ciphers.
2018-01-03 21:41:09 +01:00
Dirk Wetter 4379174970 rename generated file, comment it better + take care of one GREASE cipher 2017-08-30 23:02:21 +02:00
Dirk ebd9e6ae65 manually merged #728 (see #423), credits also to @seccubus. Unfortunately the unit tests don't make so much sense atm 2017-05-08 23:51:37 +02:00