Skip to content

Commit 99af5aa

Browse files
ic0nsic0ns
committed
SignatureAndHash algorithm extension is now enabled by default and new signature and hash algorithms were added to the dafault config
1 parent 74cfda8 commit 99af5aa

File tree

2 files changed

+74
-2
lines changed

2 files changed

+74
-2
lines changed

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java

Lines changed: 25 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -405,7 +405,7 @@ public static Config createConfig(InputStream stream) {
405405
/**
406406
* If we generate ClientHello with the SignatureAndHashAlgorithm extension
407407
*/
408-
private Boolean addSignatureAndHashAlgorithmsExtension = false;
408+
private Boolean addSignatureAndHashAlgorithmsExtension = true;
409409

410410
/**
411411
* If we generate ClientHello with the SupportedVersion extension
@@ -989,6 +989,30 @@ public static Config createConfig(InputStream stream) {
989989
HashAlgorithm.SHA1));
990990
supportedSignatureAndHashAlgorithms
991991
.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.RSA, HashAlgorithm.MD5));
992+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.ECDSA,
993+
HashAlgorithm.SHA512));
994+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.ECDSA,
995+
HashAlgorithm.SHA384));
996+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.ECDSA,
997+
HashAlgorithm.SHA256));
998+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.ECDSA,
999+
HashAlgorithm.SHA224));
1000+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.ECDSA,
1001+
HashAlgorithm.SHA1));
1002+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.ECDSA,
1003+
HashAlgorithm.MD5));
1004+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.DSA,
1005+
HashAlgorithm.SHA512));
1006+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.DSA,
1007+
HashAlgorithm.SHA384));
1008+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.DSA,
1009+
HashAlgorithm.SHA256));
1010+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.DSA,
1011+
HashAlgorithm.SHA224));
1012+
supportedSignatureAndHashAlgorithms.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.DSA,
1013+
HashAlgorithm.SHA1));
1014+
supportedSignatureAndHashAlgorithms
1015+
.add(new SignatureAndHashAlgorithm(SignatureAlgorithm.DSA, HashAlgorithm.MD5));
9921016
defaultClientSupportedCompressionMethods = new LinkedList<>();
9931017
defaultClientSupportedCompressionMethods.add(CompressionMethod.NULL);
9941018
defaultServerSupportedCompressionMethods = new LinkedList<>();

TLS-Core/src/main/resources/default_config.xml

Lines changed: 49 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,54 @@
3939
<hashAlgorithm>MD5</hashAlgorithm>
4040
<signatureAlgorithm>RSA</signatureAlgorithm>
4141
</supportedSignatureAndHashAlgorithms>
42+
<supportedSignatureAndHashAlgorithms>
43+
<hashAlgorithm>SHA512</hashAlgorithm>
44+
<signatureAlgorithm>ECDSA</signatureAlgorithm>
45+
</supportedSignatureAndHashAlgorithms>
46+
<supportedSignatureAndHashAlgorithms>
47+
<hashAlgorithm>SHA384</hashAlgorithm>
48+
<signatureAlgorithm>ECDSA</signatureAlgorithm>
49+
</supportedSignatureAndHashAlgorithms>
50+
<supportedSignatureAndHashAlgorithms>
51+
<hashAlgorithm>SHA256</hashAlgorithm>
52+
<signatureAlgorithm>ECDSA</signatureAlgorithm>
53+
</supportedSignatureAndHashAlgorithms>
54+
<supportedSignatureAndHashAlgorithms>
55+
<hashAlgorithm>SHA224</hashAlgorithm>
56+
<signatureAlgorithm>ECDSA</signatureAlgorithm>
57+
</supportedSignatureAndHashAlgorithms>
58+
<supportedSignatureAndHashAlgorithms>
59+
<hashAlgorithm>SHA1</hashAlgorithm>
60+
<signatureAlgorithm>ECDSA</signatureAlgorithm>
61+
</supportedSignatureAndHashAlgorithms>
62+
<supportedSignatureAndHashAlgorithms>
63+
<hashAlgorithm>MD5</hashAlgorithm>
64+
<signatureAlgorithm>ECDSA</signatureAlgorithm>
65+
</supportedSignatureAndHashAlgorithms>
66+
<supportedSignatureAndHashAlgorithms>
67+
<hashAlgorithm>SHA512</hashAlgorithm>
68+
<signatureAlgorithm>DSA</signatureAlgorithm>
69+
</supportedSignatureAndHashAlgorithms>
70+
<supportedSignatureAndHashAlgorithms>
71+
<hashAlgorithm>SHA384</hashAlgorithm>
72+
<signatureAlgorithm>DSA</signatureAlgorithm>
73+
</supportedSignatureAndHashAlgorithms>
74+
<supportedSignatureAndHashAlgorithms>
75+
<hashAlgorithm>SHA256</hashAlgorithm>
76+
<signatureAlgorithm>DSA</signatureAlgorithm>
77+
</supportedSignatureAndHashAlgorithms>
78+
<supportedSignatureAndHashAlgorithms>
79+
<hashAlgorithm>SHA224</hashAlgorithm>
80+
<signatureAlgorithm>DSA</signatureAlgorithm>
81+
</supportedSignatureAndHashAlgorithms>
82+
<supportedSignatureAndHashAlgorithms>
83+
<hashAlgorithm>SHA1</hashAlgorithm>
84+
<signatureAlgorithm>DSA</signatureAlgorithm>
85+
</supportedSignatureAndHashAlgorithms>
86+
<supportedSignatureAndHashAlgorithms>
87+
<hashAlgorithm>MD5</hashAlgorithm>
88+
<signatureAlgorithm>DSA</signatureAlgorithm>
89+
</supportedSignatureAndHashAlgorithms>
4290
<defaultClientSupportedCiphersuites>TLS_RSA_WITH_3DES_EDE_CBC_SHA</defaultClientSupportedCiphersuites>
4391
<defaultClientSupportedCiphersuites>TLS_RSA_WITH_AES_128_CBC_SHA</defaultClientSupportedCiphersuites>
4492
<defaultClientSupportedCiphersuites>TLS_RSA_WITH_NULL_MD5</defaultClientSupportedCiphersuites>
@@ -704,7 +752,7 @@
704752
<addHeartbeatExtension>false</addHeartbeatExtension>
705753
<addMaxFragmentLengthExtenstion>false</addMaxFragmentLengthExtenstion>
706754
<addServerNameIndicationExtension>false</addServerNameIndicationExtension>
707-
<addSignatureAndHashAlgorithmsExtension>false</addSignatureAndHashAlgorithmsExtension>
755+
<addSignatureAndHashAlgorithmsExtension>true</addSignatureAndHashAlgorithmsExtension>
708756
<addSupportedVersionsExtension>false</addSupportedVersionsExtension>
709757
<addKeyShareExtension>false</addKeyShareExtension>
710758
<addEarlyDataExtension>false</addEarlyDataExtension>

0 commit comments

Comments
 (0)