tls-attacker
diff --git a/‎TLS-Client/src/test/java/de/rub/nds/tlsattacker/client/main/TlsClientTest.java‎
Lines changed: 6 additions & 2 deletions b/‎TLS-Client/src/test/java/de/rub/nds/tlsattacker/client/main/TlsClientTest.java‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎TLS-Core/pom.xml‎
Lines changed: 0 additions & 5 deletions b/‎TLS-Core/pom.xml‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java‎
Lines changed: 5 additions & 5 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/AlgorithmResolver.java‎
Lines changed: 11 additions & 3 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/AlgorithmResolver.java‎
Lines changed: 11 additions & 3 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherSuite.java‎
Lines changed: 24 additions & 4 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherSuite.java‎
Lines changed: 24 additions & 4 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/DigestAlgorithm.java‎
Lines changed: 1 addition & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/DigestAlgorithm.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/MacAlgorithm.java‎
Lines changed: 2 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/MacAlgorithm.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ProtocolVersion.java‎
Lines changed: 8 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ProtocolVersion.java‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/MessageDigestCollector.java‎
Lines changed: 3 additions & 3 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/MessageDigestCollector.java‎
Lines changed: 3 additions & 3 deletions
@@ -149,6 +149,8 @@ public void testExecuteWorkflows(PublicKeyAlgorithm algorithm, int port) {
         config.setDefaultTimeout(TIMEOUT);
         config.setEnforceSettings(false);
         List<String> serverList = Arrays.asList(tlsServer.getCipherSuites());
+        config.setHighestProtocolVersion(ProtocolVersion.SSL3);
+        testProtocolCompatibility(serverList, config, algorithm);
         config.setHighestProtocolVersion(ProtocolVersion.TLS10);
         testProtocolCompatibility(serverList, config, algorithm);
         config.setHighestProtocolVersion(ProtocolVersion.TLS11);
@@ -168,8 +170,10 @@ private void testProtocolCompatibility(List<String> serverList, Config config, P
         for (CipherSuite cs : CipherSuite.getImplemented()) {
             Set<PublicKeyAlgorithm> requiredAlgorithms = AlgorithmResolver.getRequiredKeystoreAlgorithms(cs);
             requiredAlgorithms.remove(algorithm);
-            if (serverList.contains(cs.toString()) && cs.isSupportedInProtocol(config.getHighestProtocolVersion())
-                    && requiredAlgorithms.isEmpty()) {
+            final boolean serverSupportsCipherSuite = serverList.contains(cs.toString());
+            final boolean cipherSuiteIsSupportedByProtocolVersion = cs.isSupportedInProtocol(config
+                    .getHighestProtocolVersion());
+            if (serverSupportsCipherSuite && cipherSuiteIsSupportedByProtocolVersion && requiredAlgorithms.isEmpty()) {
                 LinkedList<CipherSuite> cslist = new LinkedList<>();
                 cslist.add(cs);
                 config.setDefaultClientSupportedCiphersuites(cslist);
 
@@ -19,11 +19,6 @@
             <artifactId>Utils</artifactId>
             <version>${project.version}</version>
         </dependency>
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-lang3</artifactId>
-            <version>3.1</version>
-        </dependency>
     </dependencies>
     <name>TLS-Core</name>
     <build>
 
@@ -1742,11 +1742,11 @@ public Integer getDefaultTimeout() {
      */
     public void setDefaultTimeout(Integer timeout) {
         defaultTimeout = timeout;
-        
-        if(connectionEnds != null) {
-        	for (ConnectionEnd conEnd : connectionEnds) {
-        		conEnd.setDefaultTimeout(defaultTimeout);
-        	}
+
+        if (connectionEnds != null) {
+            for (ConnectionEnd conEnd : connectionEnds) {
+                conEnd.setDefaultTimeout(defaultTimeout);
+            }
         }
     }
 
 
@@ -266,16 +266,24 @@ public static CipherType getCipherType(CipherSuite cipherSuite) {
         throw new UnsupportedOperationException("Cipher suite " + cipherSuite + " is not supported yet.");
     }
 
-    public static MacAlgorithm getMacAlgorithm(CipherSuite cipherSuite) {
+    public static MacAlgorithm getMacAlgorithm(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
         MacAlgorithm result = null;
         if (cipherSuite.isAEAD()) {
             result = MacAlgorithm.AEAD;
         } else {
             String cipher = cipherSuite.toString();
             if (cipher.contains("MD5")) {
-                result = MacAlgorithm.HMAC_MD5;
+                if (protocolVersion.isSSL()) {
+                    result = MacAlgorithm.SSLMAC_MD5;
+                } else {
+                    result = MacAlgorithm.HMAC_MD5;
+                }
             } else if (cipher.endsWith("SHA")) {
-                result = MacAlgorithm.HMAC_SHA1;
+                if (protocolVersion.isSSL()) {
+                    result = MacAlgorithm.SSLMAC_SHA1;
+                } else {
+                    result = MacAlgorithm.HMAC_SHA1;
+                }
             } else if (cipher.contains("SHA256")) {
                 result = MacAlgorithm.HMAC_SHA256;
             } else if (cipher.contains("SHA384")) {
 
@@ -8,15 +8,18 @@
  */
 package de.rub.nds.tlsattacker.core.constants;
 
-import de.rub.nds.modifiablevariable.util.ArrayConverter;
-import de.rub.nds.modifiablevariable.util.RandomHelper;
-import de.rub.nds.tlsattacker.core.exceptions.UnknownCiphersuiteException;
-import de.rub.nds.tlsattacker.core.state.TlsContext;
+import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Random;
+import java.util.Set;
+
+import de.rub.nds.modifiablevariable.util.ArrayConverter;
+import de.rub.nds.tlsattacker.core.exceptions.UnknownCiphersuiteException;
 
 /**
  * @author Juraj Somorovsky <juraj.somorovsky@rub.de>
@@ -542,12 +545,29 @@ public boolean isSCSV() {
      * @return
      */
     public boolean isSupportedInProtocol(ProtocolVersion version) {
+        if (version == ProtocolVersion.SSL3) {
+            return SSL3_SUPPORTED_CIPHERSUITES.contains(this);
+        }
         if (this.name().endsWith("256") || this.name().endsWith("384")) {
             return (version == ProtocolVersion.TLS12);
         }
         return true;
     }
 
+    public static final Set<CipherSuite> SSL3_SUPPORTED_CIPHERSUITES = Collections.unmodifiableSet(new HashSet<>(Arrays
+            .asList(TLS_NULL_WITH_NULL_NULL, TLS_RSA_WITH_NULL_MD5, TLS_RSA_WITH_NULL_SHA,
+                    TLS_RSA_EXPORT_WITH_RC4_40_MD5, TLS_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_RC4_128_SHA,
+                    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, TLS_RSA_WITH_IDEA_CBC_SHA, TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
+                    TLS_RSA_WITH_DES_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
+                    TLS_DH_DSS_WITH_DES_CBC_SHA, TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
+                    TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_RSA_WITH_DES_CBC_SHA,
+                    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
+                    TLS_DHE_DSS_WITH_DES_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
+                    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, TLS_DHE_RSA_WITH_DES_CBC_SHA,
+                    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DH_anon_EXPORT_WITH_RC4_40_MD5,
+                    TLS_DH_anon_WITH_RC4_128_MD5, TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_DH_anon_WITH_DES_CBC_SHA,
+                    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA)));
+
     public static List<CipherSuite> getImplemented() {
         List<CipherSuite> list = new LinkedList<>();
         list.add(TLS_RSA_WITH_3DES_EDE_CBC_SHA);
 
@@ -13,6 +13,7 @@
  */
 public enum DigestAlgorithm {
 
+    SSL_DIGEST(""),
     LEGACY(""),
     SHA256("SHA-256"),
     SHA384("SHA-384");
 
@@ -15,6 +15,8 @@ public enum MacAlgorithm {
 
     NULL("null"),
     AEAD("null"),
+    SSLMAC_MD5("SslMacMD5"), // supported by SunJCE
+    SSLMAC_SHA1("SslMacSHA1"), // supported by SunJCE
     HMAC_MD5("HmacMD5"),
     HMAC_SHA1("HmacSHA1"),
     HMAC_SHA256("HmacSHA256"),
 
@@ -159,4 +159,12 @@ public static ProtocolVersion getHighestProtocolVersion(List<ProtocolVersion> li
     public boolean isTLS13() {
         return this == TLS13 || this == TLS13_DRAFT20 || this == TLS13_DRAFT21;
     }
+
+    /**
+     * 
+     * @return true, if protocol version SSL 2 or 3
+     */
+    public boolean isSSL() {
+        return this == SSL2 || this == SSL3;
+    }
 }
@@ -54,11 +54,11 @@ public byte[] digest(ProtocolVersion version, CipherSuite suite) {
             MessageDigest hash1;
             MessageDigest hash2 = null;
             DigestAlgorithm algorithm = AlgorithmResolver.getDigestAlgorithm(version, suite);
-            if (algorithm == DigestAlgorithm.LEGACY) {
-
+            if (algorithm == DigestAlgorithm.SSL_DIGEST) {
+                throw new RuntimeException("Unsupported DigestAlgorithm SSL_DIGEST");
+            } else if (algorithm == DigestAlgorithm.LEGACY) {
                 hash1 = MessageDigest.getInstance("MD5");
                 hash2 = MessageDigest.getInstance("SHA-1");
-
             } else {
                 hash1 = MessageDigest.getInstance(algorithm.getJavaName());
             }
Original file line number	Diff line number	Diff line change
`@@ -159,4 +159,12 @@ public static ProtocolVersion getHighestProtocolVersion(List<ProtocolVersion> li`
`159`	`159`	`public boolean isTLS13() {`
`160`	`160`	`return this == TLS13 \|\| this == TLS13_DRAFT20 \|\| this == TLS13_DRAFT21;`
`161`	`161`	`}`
	`162`	`+`
	`163`	`+ /**`
	`164`	`+ *`
	`165`	`+ * @return true, if protocol version SSL 2 or 3`
	`166`	`+ */`
	`167`	`+ public boolean isSSL() {`
	`168`	`+ return this == SSL2 \|\| this == SSL3;`
	`169`	`+ }`
`162`	`170`	`}`