mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 17:20:57 +01:00
420fa73f5a
The ciphersuites string for Safari 13.0 ends with a colon (':'), which causes OpenSSL to reject the command line when client simulation testing is performed in --ssl-native mode. This PR fixes the problem by removing the trailing colon.
# This file contains client handshake data manually created from Wireshark.
# The content needs to be added to client-simulation.txt, whose other part
# comes from the SSLlabs client API via update_client_sim_data.pl.
# The whole process is done manually.
#
# Instructions how to add a client simulation:
# * Start wireshark at the client / router. It is best to filter for the target you want to contribute while capturing.
# * Make sure you create a bit of encrypted traffic to a target of your choice 1).
# * Make sure the client traffic is specific: For just "Android" do not use a browser!
# * Stop the recording.
# * If needed sort for ClientHello.
# * Look for the ClientHello which matches the source IP + destination you had in mind. Check the destination hostname in the SNI extension so that you can be sure it's the right traffic.
# * Retrieve "handshakebytes" by marking the Record Layer --> Copy --> As a hex stream.
# * Figure out "protos" and "tlsvers" by looking at the supported_versions TLS extension (43=0x002b). May work only on modern clients. Be careful as some do not list all TLS versions here (OpenSSL 1.1.1 lists only TLS 1.2/1.3 here).
# * Adjust "lowest_protocol" and "highest_protocol" accordingly.
# * Get "curves" from the supported groups TLS extension 10 (=0x000a). Omit any GREASE.
# * Retrieve "alpn" by looking at the alpn TLS extension 16 (=0x0010).
# * Review TLS extension 13 (=0x000d) whether any SHA1 signature algorithm is listed. If not, "requiresSha2" is true.
# * Leave "maxDhBits"/"minDhBits" and "minRsaBits"/"maxRsaBits" at -1, unless you know for sure what the client can handle.
# * For "ciphers" mark the Cipher Suites --> Copy --> As a hex stream, remove any leading GREASE ciphers (?a?a) and supply it to ~/utils/hexstream2cipher.sh
# * "ciphersuites" are TLS 1.3 ciphersuites. You can identify them as they currently look like 0x130?. Retrieve them from the same output, see ~/utils/hexstream2cipher.sh
# * Figure out the services by applying a good piece of logic.
# * Before submitting a PR: test it yourself! You can also watch it again via wireshark.
#
#
# 1) Attention, privacy: the handshake you contribute contains the target hostname (SNI).
#    It also contains everything else the client sent in its ClientHello, e.g. a session
#    ticket from an earlier connection, so capture from a fresh client session.
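# Android 8.1 (native): ClientHello captured with Wireshark, TLS 1.0 through TLS 1.2.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Android 8.1 (native)")
short+=("android_81")
ciphers+=("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA")
# Empty: this client offers no TLS 1.3 ciphersuites (highest_protocol is 0x0303).
ciphersuites+=("")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("16030100c0010000bc030346fcc7d3e5a9f68af0aa05de62de63c4ad1a4f472da56aa1424041106922370720ef51a7595abfd5bb32038c96c481bb6449053ba08023a752d124b1c1ca7d34fe001cc02bc02ccca9c02fc030cca8c009c00ac013c014009c009d002f0035010000570000001700150000127777772e676f6f676c65617069732e636f6d00170000ff01000100000a00080006001d00170018000b00020100000500050100000000000d00140012040308040401050308050501080606010201")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0303")
# NOTE(review): the handshakebytes above do not appear to carry an ALPN
# extension (0x0010), yet a value is listed here. Confirm against the capture.
alpn+=("h2,http/1.1")
service+=("HTTP,FTP,SMTP,POP,IMAP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1")
# false: the signature_algorithms extension in the capture still lists a SHA1 algorithm (0x0201).
requiresSha2+=(false)
current+=(true)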
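# Android 9.0 (native): TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Android 9.0 (native)")
short+=("android_90")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
# TLS 1.3 ciphersuites only; they repeat the TLS_* names that lead the "ciphers" list.
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP,FTP,SMTP,POP,IMAP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(true)
current+=(true)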
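# Edge 17 on Windows 10: TLS 1.0 through TLS 1.2.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Edge 17 Win 10")
short+=("edge_17_win10")
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
# Empty: this client offers no TLS 1.3 ciphersuites (highest_protocol is 0x0303).
ciphersuites+=("")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0303")
alpn+=("h2,http/1.1")
service+=("HTTP,FTP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1024)
maxDhBits+=(4096)
minRsaBits+=(-1)
maxRsaBits+=(16384)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(false)
current+=(true)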
names+=("Chrome 73 (Win 10)")
|
|
short+=("chrome_73_win10")
|
|
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
|
|
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
|
|
sni+=("$SNI")
|
|
warning+=("")
|
|
handshakebytes+=("1603010200010001fc0303a719e434922565bbd59fe0dfec21b7f5c8549fdf52566af99cce87ecb276992b20bbf979b5fbe4ebd1412e55ffe6b811e561d3f04ce451fc229d329babda4de91d00227a7a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a010001914a4a000000000012001000000d7777772e676f6f676c652e646500170000ff01000100000a000a0008aaaa001d00170018000b00020100002300000010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029aaaa000100001d00205c2f12fabe8b2ff843aa9f347816b7d3a8b8c051f0830f4bbf13d44b5ec37c2b002d00020101002b000b0aeaea0304030303020301001b0003020002eaea000100001500cb0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
|
|
protos+=("-no_ssl3 -no_ssl2")
|
|
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
|
|
lowest_protocol+=("0x0301")
|
|
highest_protocol+=("0x0304")
|
|
alpn+=("h2,http/1.1")
|
|
service+=("HTTP,FTP")
|
|
minDhBits+=(1024)
|
|
maxDhBits+=(-1)
|
|
minRsaBits+=(-1)
|
|
maxRsaBits+=(-1)
|
|
minEcdsaBits+=(-1)
|
|
curves+=("X25519:secp256r1:secp384r1")
|
|
requiresSha2+=(false)
|
|
current+=(false)
|
|
|
|
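# Chrome 74 on Windows 10: TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Chrome 74 (Win 10)")
short+=("chrome_74_win10")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP,FTP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1024)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(false)
current+=(true)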
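# Firefox 66 on Windows 8.1/10: TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Firefox 66 (Win 8.1/10)")
short+=("firefox_66_win")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP,FTP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1023)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
requiresSha2+=(false)
current+=(true)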
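# Java 11.0.2 (OpenJDK): TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Java 11.0.2 (OpenJDK)")
short+=("java1102")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:AES256-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
# This entry had no alpn element at all, which would shift the ALPN value of
# every later client by one position. An empty element restores the alignment.
# NOTE(review): empty assumes the client offered no ALPN — confirm against the capture.
alpn+=("")
service+=("ANY")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1024)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(224)
curves+=("secp256r1:secp384r1:secp521r1:sect283k1:sect283r1:sect409k1:sect409r1:sect571k1:sect571r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
requiresSha2+=(false)
current+=(true)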
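# Java 12.0.1 (OpenJDK): TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Java 12.0.1 (OpenJDK)")
short+=("java1201")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-DSS-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:AES256-SHA256:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:AES256-SHA:ECDH-ECDSA-AES256-SHA:ECDH-RSA-AES256-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES128-SHA:ECDH-ECDSA-AES128-SHA:ECDH-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
# This entry had no alpn element at all, which would shift the ALPN value of
# every later client by one position. An empty element restores the alignment.
# NOTE(review): empty assumes the client offered no ALPN — confirm against the capture.
alpn+=("")
service+=("ANY")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1024)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(224)
curves+=("secp256r1:secp384r1:secp521r1:sect283k1:sect283r1:sect409k1:sect409r1:sect571k1:sect571r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192")
requiresSha2+=(false)
current+=(true)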
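# Opera 60 on Windows 10.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Opera 60 (Win 10)")
short+=("opera_60_win10")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
# NOTE(review): this capture appears to include a non-empty session_ticket
# extension (0x0023, length 0xc0), i.e. state from an earlier connection.
# Consider re-capturing from a fresh client session.
handshakebytes+=("1603010200010001fc03033503bae63f0cf8ef9d0a55623327a28e3c3525a2ce28153242e132279d3940e3206a440f32e7a8488b012b12d4b7d1b2b1764c784a944662a7f305e90f7d15168500228a8a130113021303c02bc02fc02cc030cca9cca8c013c014009c009d002f0035000a01000191eaea000000000012001000000d7777772e6f706572612e636f6d00170000ff01000100000a000a0008caca001d00170018000b00020100002300c07505f51cc349fe3f9e022858dcd1eb12ca07a302fd9f43a4cbffec031296e77b07122bb9532dd112770b686a4898e20462c514c5fb043dc325a5453753c499774bfab673024a86543064c33d40b67b2e4e9dfa177305e8cdc39f3d8afe0fe7c80406a9e07ea836dd8a46ab7ef9aa5dc66301a346585f7ff26615a28cbea2544d4ba8101be6f528b4bba3a5ce9a6683537b29cd16d4c5015de6f9a93d3c132389e56ff20853d952f6ee06b46ca89dc52b67583fbb0fb61e2b78c03ef97892c6a90010000e000c02683208687474702f312e31000500050100000000000d00140012040308040401050308050501080606010201001200000033002b0029caca000100001d00204aeb26ec670ce59e094a8b97c281186b4e87706df48667a24193e268a069cd54002d00020101002b000b0a3a3a0304030303020301001b00030200027a7a0001000015000b0000000000000000000000")
# NOTE(review): unlike the other browser entries, SSLv3 is not excluded here
# and lowest_protocol is 0x0300, while the supported_versions extension in the
# capture lists 0x0304 down to 0x0301 only. Confirm that this client really
# accepts SSLv3; otherwise the simulation reports a weaker client than the real one.
protos+=("-no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0300")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP,FTP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
# GREASE group (0xcaca in the capture) omitted.
curves+=("X25519:secp256r1:secp384r1")
requiresSha2+=(false)
current+=(true)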
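# OpenSSL 1.1.0j (Debian): up to TLS 1.2.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("OpenSSL 1.1.0j (Debian)")
short+=("openssl_110j")
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
# Empty: this client offers no TLS 1.3 ciphersuites (highest_protocol is 0x0303).
ciphersuites+=("")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("16030100c2010000be03036468410c4ae36f78a4357ad19fa61353e46aed101eff4e0c9f77ec654dc12eb4000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100005d00000013001100000e7465737473736c2e73683a343433000b000403000102000a000a0008001d001700190018002300000016000000170000000d0020001e060106020603050105020503040104020403030103020303020102020203")
# NOTE(review): protos excludes SSLv3 but lowest_protocol below is 0x0300;
# one of the two looks wrong. Confirm which one matches the client.
protos+=("-no_ssl2 -no_ssl3")
tlsvers+=("-tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0300")
highest_protocol+=("0x0303")
# NOTE(review): the handshakebytes above do not appear to carry an ALPN
# extension (0x0010), yet a value is listed here. Confirm against the capture.
alpn+=("h2,http/1.1")
service+=("ANY")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp521r1:secp384r1")
requiresSha2+=(false)
current+=(true)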
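# OpenSSL 1.1.1b (Debian): up to TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("OpenSSL 1.1.1b (Debian)")
short+=("openssl_111b")
ciphers+=("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
ciphersuites+=("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
# NOTE(review): protos excludes SSLv3 but lowest_protocol below is 0x0300;
# one of the two looks wrong. Confirm which one matches the client.
protos+=("-no_ssl2 -no_ssl3")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0300")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("ANY")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:X448:secp521r1:secp384r1")
requiresSha2+=(true)
current+=(true)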
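# Thunderbird 60.6: TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Thunderbird (60.6)")
short+=("thunderbird_60_6_1")
ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP,SMTP,POP,IMAP")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
curves+=("X25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072")
requiresSha2+=(false)
current+=(true)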
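# Safari 12.1 on iOS 12.2: TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Safari 12.1 (iOS 12.2)")
short+=("safari_121_ios_122")
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA")
ciphersuites+=("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
# This entry had no warning element at all, which would shift the warning of
# every later client by one position. An empty element (no warning, as in the
# other entries) restores the alignment.
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,http/1.1")
service+=("HTTP")
curves+=("X25519:secp256r1:secp384r1:secp521r1")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(-1)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
requiresSha2+=(false)
current+=(true)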
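# Safari 12.1 on macOS 10.13.6: TLS 1.0 through TLS 1.2.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Safari 12.1 (macOS 10.13.6)")
short+=("safari_121_osx_10136")
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA")
# Empty: this client offers no TLS 1.3 ciphersuites (highest_protocol is 0x0303).
ciphersuites+=("")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("16030100e3010000df03039c6af5b589ea930473487870a111e2088f4c71c4497310945d571b318f259f47000028c02cc02bc024c023c00ac009cca9c030c02fc028c027c014c013cca8009d009c003d003c0035002f0100008eff0100010000000010000e00000b6369706865726c692e737400170000000d00140012040308040401050308050501080606010201000500050100000000337400000012000000100030002e0268320568322d31360568322d31350568322d313408737064792f332e3106737064792f3308687474702f312e31000b00020100000a000a0008001d001700180019")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0303")
# Taken from the ALPN extension (0x0010) of the handshakebytes above, which
# lists seven protocols; the previous value "h2,http/1.1" covered only two of
# them, so the ALPN offer differed from the one in the captured ClientHello.
alpn+=("h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1")
service+=("HTTP")
curves+=("X25519:secp256r1:secp384r1:secp521r1")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1024)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
# false: the signature_algorithms extension in the capture still lists a SHA1 algorithm (0x0201).
requiresSha2+=(false)
current+=(true)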
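# Safari 13.0 on macOS 10.14.6: TLS 1.0 through TLS 1.3.
# Every client entry appends exactly one element to each array, which keeps
# the arrays index-aligned.
names+=("Safari 13.0 (macOS 10.14.6)")
short+=("safari_130_osx_10146")
ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-CHACHA20-POLY1305:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA")
# Must not end with ':' — OpenSSL rejects the command line in --ssl-native mode otherwise.
ciphersuites+=("TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384")
# $SNI is expanded at the moment this line is executed.
sni+=("$SNI")
warning+=("")
# TLS record holding the ClientHello, copied from Wireshark as a hex stream.
handshakebytes+=("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")
protos+=("-no_ssl3 -no_ssl2")
tlsvers+=("-tls1_3 -tls1_2 -tls1_1 -tls1")
lowest_protocol+=("0x0301")
highest_protocol+=("0x0304")
alpn+=("h2,h2-16,h2-15,h2-14,spdy/3.1,spdy/3,http/1.1")
service+=("HTTP")
curves+=("X25519:secp256r1:secp384r1:secp521r1")
# Key-size limits; -1 means the limit was not determined.
minDhBits+=(1024)
maxDhBits+=(-1)
minRsaBits+=(-1)
maxRsaBits+=(-1)
minEcdsaBits+=(-1)
requiresSha2+=(false)
current+=(true)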