Commit 61bbfb4

Add FFDHE groups to supported_groups
There is at least one server that will not negotiate TLS_DHE_* cipher suites with TLS 1.2 and below if the supported_groups extension is present but does not include any DH groups. This commit adds the DH groups that are currently in the TLS 1.3 ClientHello to the TLS 1.2 and earlier ClientHello.
1 parent 5e9ee13 commit 61bbfb4

1 file changed

Lines changed: 2 additions & 2 deletions

testssl.sh

@@ -13213,11 +13213,11 @@ prepare_tls_clienthello() {
1321313213
# Supported Groups Extension
1321413214
extension_supported_groups="
1321513215
00, 0a, # Type: Supported Elliptic Curves , see RFC 4492
13216-
00, 3e, 00, 3c, # lengths
13216+
00, 42, 00, 40, # lengths
1321713217
00, 0e, 00, 0d, 00, 19, 00, 1c, 00, 1e, 00, 0b, 00, 0c, 00, 1b,
1321813218
00, 18, 00, 09, 00, 0a, 00, 1a, 00, 16, 00, 17, 00, 1d, 00, 08,
1321913219
00, 06, 00, 07, 00, 14, 00, 15, 00, 04, 00, 05, 00, 12, 00, 13,
13220-
00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11"
13220+
00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11, 01, 00, 01, 01"
1322113221
elif [[ 0x$tls_low_byte -gt 0x03 ]]; then
1322213222
# Supported Groups Extension
1322313223
if [[ ! "$process_full" =~ all ]] || ( [[ ! "$OSSL_NAME" =~ LibreSSL ]] && \
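Review bot: The comment on the `00, 0a` line still reads "Type: Supported Elliptic Curves , see RFC 4492", but the list now ends with `01, 00, 01, 01`, which are finite-field DH codepoints (ffdhe2048 and ffdhe3072 in RFC 7919), not curves. Update that comment to mention supported groups and RFC 7919, and add a short comment on the last line naming the two FFDHE groups, so a reader can check them against the TLS 1.3 list the commit message refers to (that list is not visible in this hunk). The length bytes are consistent with the change: 32 two-byte entries give a list length of 0x40 and an extension length of 0x42. Since both values are hard-coded, a note beside `# lengths` saying they must be bumped by 2 per added group would help prevent a malformed ClientHello the next time the list is edited.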
