From 6107559c8d9c66b4d93c37ad1e11250d3ea0de8c Mon Sep 17 00:00:00 2001 From: mzack Date: Mon, 24 Jan 2022 16:15:02 +0100 Subject: [PATCH 01/10] Add support for ztls for ssl/crypto templates --- v2/go.mod | 6 ++++-- v2/go.sum | 20 ++++++++++++++++++-- v2/pkg/protocols/ssl/ssl.go | 12 ++++++------ 3 files changed, 28 insertions(+), 10 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index bccb2281d..e00143d86 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -26,8 +26,8 @@ require ( github.com/owenrumney/go-sarif v1.1.1 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.8 - github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345 - github.com/projectdiscovery/fastdialer v0.0.14 + github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143 + github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 github.com/projectdiscovery/fileutil v0.0.0-20210928100737-cab279c5d4b5 github.com/projectdiscovery/goflags v0.0.8-0.20211028121123-edf02bc05b1a @@ -72,6 +72,7 @@ require ( github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7 github.com/projectdiscovery/iputil v0.0.0-20210804143329-3a30fcde43f3 github.com/stretchr/testify v1.7.0 + github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b ) require ( @@ -140,6 +141,7 @@ require ( github.com/ysmood/goob v0.3.0 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect github.com/zclconf/go-cty v1.10.0 // indirect + github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 // indirect go.etcd.io/bbolt v1.3.6 // indirect go.uber.org/zap v1.20.0 // indirect goftp.io/server/v2 v2.0.0 // indirect diff --git a/v2/go.sum b/v2/go.sum index 9d1500640..8ee376e27 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -366,6 +366,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= +github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= @@ -385,6 +386,7 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ= github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= +github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7 h1:3Xn/CN6GVY+7mVuGgt5bfp0F9JwcWqnvwfb23Jf8Vxg= github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7/go.mod h1:inRbqVxN7ri77yTJY3ZtGtKegIFa3Qnarh7Xp9P7LgY= github.com/owenrumney/go-sarif v1.0.11/go.mod h1:hTBFbxU7GuVRUvwMx+eStp9M/Oun4xHCS3vqpPvket8= @@ -405,9 +407,11 @@ github.com/projectdiscovery/clistats v0.0.8 h1:tjmWb15mqsPf/yrQXVHLe2ThZX/5+mgKS github.com/projectdiscovery/clistats v0.0.8/go.mod h1:lV6jUHAv2bYWqrQstqW8iVIydKJhWlVaLl3Xo9ioVGg= github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345 h1:jT6f/cdOpLkp9GAfRrxk57BUjYfIrR8E+AjMv5H5U4U= github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345/go.mod h1:clhQmPnt35ziJW1AhJRKyu8aygXCSoyWj6dtmZBRjjc= +github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143 h1:ulWFeH179xgDUfNQT/LyimW1znNlivsqv2d/lNFZU30= +github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143/go.mod h1:VJvSNE8f8A1MgpjgAL2GPJSQcJa4jbdaeQJstARFrU4= github.com/projectdiscovery/fastdialer v0.0.12/go.mod h1:RkRbxqDCcCFhfNUbkzBIz/ieD4uda2JuUA4WJ+RLee0= -github.com/projectdiscovery/fastdialer v0.0.14 h1:xTcU8c8wTp+AE92TVLINSCvgXsbF0ITera8HfbU1dok= -github.com/projectdiscovery/fastdialer v0.0.14/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= +github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de h1:9vQIzE3cDZvgLoxeGSHrR6gK8F3Grs6Kb0hDzdZdoiQ= +github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 h1:NwD1R/du1dqrRKN3SJl9kT6tN3K9puuWFXEvYF2ihew= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08/go.mod h1:paLCnwV8sL7ppqIwVQodQrk3F6mnWafwTDwRd7ywZwQ= github.com/projectdiscovery/fileutil v0.0.0-20210804142714-ebba15fa53ca/go.mod h1:U+QCpQnX8o2N2w0VUGyAzjM3yBAe4BKedVElxiImsx0= @@ -483,6 +487,7 @@ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAm github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4= github.com/shirou/gopsutil/v3 v3.21.12 h1:VoGxEW2hpmz0Vt3wUvHIl9fquzYLNpVpgNNB7pGJimA= github.com/shirou/gopsutil/v3 v3.21.12/go.mod h1:BToYZVTlSVlfazpDDYFnsVZLaoRG+g8ufT6fPQLdJzA= +github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0 h1:UVQPSSmc3qtTi+zPPkCXvZX9VvW/xT/NsRvKfwY81a8= @@ -576,6 +581,11 @@ github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0= github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 h1:kKCF7VX/wTmdg2ZjEaqlq99Bjsoiz7vH6sFniF/vI4M= +github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE= +github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is= +github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b h1:iYQzlljG1dOXBtsJGyzFC/wBK5qUCWs1eLCr/UcJYPA= +github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b/go.mod h1:5nID//bFGkx3/+iHcFIFRHQ54EOPJ0iSj0IGKpMElvw= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= @@ -604,6 +614,7 @@ go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw= goftp.io/server/v2 v2.0.0 h1:FF8JKXXKDxAeO1uXEZz7G+IZwCDhl19dpVIlDtp3QAg= goftp.io/server/v2 v2.0.0/go.mod h1:7+H/EIq7tXdfo1Muu5p+l3oQ6rYkDZ8lY7IM5d5kVdQ= golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8= +golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -614,6 +625,7 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= @@ -683,6 +695,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= @@ -718,6 +731,7 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cO golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -736,6 +750,7 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -778,6 +793,7 @@ golang.org/x/sys v0.0.0-20211013075003-97ac67df715c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211210111614-af8b64212486 h1:5hpz5aRr+W1erYCL5JRhSUBJRph7l9XkNveoExlrKYk= golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index bbf51648b..2797acfef 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -2,7 +2,6 @@ package ssl import ( "context" - "crypto/tls" "net" "net/url" "strings" @@ -25,6 +24,7 @@ import ( "github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool" templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types" "github.com/projectdiscovery/nuclei/v2/pkg/types" + ztls "github.com/zmap/zcrypto/tls" ) // Request is a request for the SSL protocol @@ -96,9 +96,9 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous } addressToDial := string(finalAddress) - config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname} + config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} - conn, err := request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config) + conn, err := request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config) if err != nil { requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err) requestOptions.Progress.IncrementFailedRequestsBy(1) @@ -107,7 +107,7 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous defer conn.Close() _ = conn.SetReadDeadline(time.Now().Add(time.Duration(requestOptions.Options.Timeout) * time.Second)) - connTLS, ok := conn.(*tls.Conn) + connTLS, ok := conn.(*ztls.Conn) if !ok { return nil } @@ -123,8 +123,8 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous return nil } - tlsData := cryptoutil.TLSGrab(&state) - jsonData, _ := jsoniter.Marshal(tlsData) + ztlsData := cryptoutil.ZTLSGrab(connTLS) + jsonData, _ := jsoniter.Marshal(ztlsData) jsonDataString := string(jsonData) data := make(map[string]interface{}) From a57d25fab840cab718faba28e23c25c026e06961 Mon Sep 17 00:00:00 2001 From: mzack Date: Mon, 24 Jan 2022 18:20:29 +0100 Subject: [PATCH 02/10] adding support for configurable TLS version/cipher suites --- v2/pkg/protocols/ssl/ciphers.go | 367 ++++++++++++++++++++++++++++++++ v2/pkg/protocols/ssl/ssl.go | 27 ++- v2/pkg/protocols/ssl/version.go | 23 ++ 3 files changed, 416 insertions(+), 1 deletion(-) create mode 100644 v2/pkg/protocols/ssl/ciphers.go create mode 100644 v2/pkg/protocols/ssl/version.go diff --git a/v2/pkg/protocols/ssl/ciphers.go b/v2/pkg/protocols/ssl/ciphers.go new file mode 100644 index 000000000..bf2deb8c2 --- /dev/null +++ b/v2/pkg/protocols/ssl/ciphers.go @@ -0,0 +1,367 @@ +package ssl + +import ( + "fmt" + + ztls "github.com/zmap/zcrypto/tls" +) + +var ciphers = map[string]uint16{ + "TLS_NULL_WITH_NULL_NULL": ztls.TLS_NULL_WITH_NULL_NULL, + "TLS_RSA_WITH_NULL_MD5": ztls.TLS_RSA_WITH_NULL_MD5, + "TLS_RSA_WITH_NULL_SHA": ztls.TLS_RSA_WITH_NULL_SHA, + "TLS_RSA_EXPORT_WITH_RC4_40_MD5": ztls.TLS_RSA_EXPORT_WITH_RC4_40_MD5, + "TLS_RSA_WITH_RC4_128_MD5": ztls.TLS_RSA_WITH_RC4_128_MD5, + "TLS_RSA_WITH_RC4_128_SHA": ztls.TLS_RSA_WITH_RC4_128_SHA, + "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5": ztls.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, + "TLS_RSA_WITH_IDEA_CBC_SHA": ztls.TLS_RSA_WITH_IDEA_CBC_SHA, + "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA, + "TLS_RSA_WITH_DES_CBC_SHA": ztls.TLS_RSA_WITH_DES_CBC_SHA, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DH_DSS_WITH_DES_CBC_SHA": ztls.TLS_DH_DSS_WITH_DES_CBC_SHA, + "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA, + "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DH_RSA_WITH_DES_CBC_SHA": ztls.TLS_DH_RSA_WITH_DES_CBC_SHA, + "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DHE_DSS_WITH_DES_CBC_SHA": ztls.TLS_DHE_DSS_WITH_DES_CBC_SHA, + "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, + "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DHE_RSA_WITH_DES_CBC_SHA": ztls.TLS_DHE_RSA_WITH_DES_CBC_SHA, + "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5": ztls.TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5, + "TLS_DH_ANON_WITH_RC4_128_MD5": ztls.TLS_DH_ANON_WITH_RC4_128_MD5, + "TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA, + "TLS_DH_ANON_WITH_DES_CBC_SHA": ztls.TLS_DH_ANON_WITH_DES_CBC_SHA, + "TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA, + "SSL_FORTEZZA_KEA_WITH_NULL_SHA": ztls.SSL_FORTEZZA_KEA_WITH_NULL_SHA, + "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA": ztls.SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA, + "TLS_KRB5_WITH_DES_CBC_SHA": ztls.TLS_KRB5_WITH_DES_CBC_SHA, + "TLS_KRB5_WITH_3DES_EDE_CBC_SHA": ztls.TLS_KRB5_WITH_3DES_EDE_CBC_SHA, + "TLS_KRB5_WITH_RC4_128_SHA": ztls.TLS_KRB5_WITH_RC4_128_SHA, + "TLS_KRB5_WITH_IDEA_CBC_SHA": ztls.TLS_KRB5_WITH_IDEA_CBC_SHA, + "TLS_KRB5_WITH_DES_CBC_MD5": ztls.TLS_KRB5_WITH_DES_CBC_MD5, + "TLS_KRB5_WITH_3DES_EDE_CBC_MD5": ztls.TLS_KRB5_WITH_3DES_EDE_CBC_MD5, + "TLS_KRB5_WITH_RC4_128_MD5": ztls.TLS_KRB5_WITH_RC4_128_MD5, + "TLS_KRB5_WITH_IDEA_CBC_MD5": ztls.TLS_KRB5_WITH_IDEA_CBC_MD5, + "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA, + "TLS_KRB5_EXPORT_WITH_RC4_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_RC4_40_SHA, + "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, + "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5, + "TLS_KRB5_EXPORT_WITH_RC4_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_RC4_40_MD5, + "TLS_PSK_WITH_NULL_SHA": ztls.TLS_PSK_WITH_NULL_SHA, + "TLS_DHE_PSK_WITH_NULL_SHA": ztls.TLS_DHE_PSK_WITH_NULL_SHA, + "TLS_RSA_PSK_WITH_NULL_SHA": ztls.TLS_RSA_PSK_WITH_NULL_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_RSA_WITH_AES_128_CBC_SHA, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_DH_DSS_WITH_AES_128_CBC_SHA, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_DH_RSA_WITH_AES_128_CBC_SHA, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + "TLS_DH_ANON_WITH_AES_128_CBC_SHA": ztls.TLS_DH_ANON_WITH_AES_128_CBC_SHA, + "TLS_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_RSA_WITH_AES_256_CBC_SHA, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_DH_DSS_WITH_AES_256_CBC_SHA, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_DH_RSA_WITH_AES_256_CBC_SHA, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + "TLS_DH_ANON_WITH_AES_256_CBC_SHA": ztls.TLS_DH_ANON_WITH_AES_256_CBC_SHA, + "TLS_RSA_WITH_NULL_SHA256": ztls.TLS_RSA_WITH_NULL_SHA256, + "TLS_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_RSA_WITH_AES_128_CBC_SHA256, + "TLS_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_RSA_WITH_AES_256_CBC_SHA256, + "TLS_DH_DSS_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_AES_128_CBC_SHA256, + "TLS_DH_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_AES_128_CBC_SHA256, + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, + "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA, + "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5": ztls.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5, + "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5": ztls.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, + "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA": ztls.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, + "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA": ztls.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, + "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA": ztls.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, + "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA": ztls.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, + "TLS_DHE_DSS_WITH_RC4_128_SHA": ztls.TLS_DHE_DSS_WITH_RC4_128_SHA, + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, + "TLS_DH_DSS_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_DSS_WITH_AES_256_CBC_SHA256, + "TLS_DH_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_RSA_WITH_AES_256_CBC_SHA256, + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + "TLS_DH_ANON_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_AES_128_CBC_SHA256, + "TLS_DH_ANON_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_ANON_WITH_AES_256_CBC_SHA256, + "TLS_GOSTR341094_WITH_28147_CNT_IMIT": ztls.TLS_GOSTR341094_WITH_28147_CNT_IMIT, + "TLS_GOSTR341001_WITH_28147_CNT_IMIT": ztls.TLS_GOSTR341001_WITH_28147_CNT_IMIT, + "TLS_GOSTR341094_WITH_NULL_GOSTR3411": ztls.TLS_GOSTR341094_WITH_NULL_GOSTR3411, + "TLS_GOSTR341001_WITH_NULL_GOSTR3411": ztls.TLS_GOSTR341001_WITH_NULL_GOSTR3411, + "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA, + "TLS_PSK_WITH_RC4_128_SHA": ztls.TLS_PSK_WITH_RC4_128_SHA, + "TLS_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_PSK_WITH_AES_128_CBC_SHA, + "TLS_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_PSK_WITH_AES_256_CBC_SHA, + "TLS_DHE_PSK_WITH_RC4_128_SHA": ztls.TLS_DHE_PSK_WITH_RC4_128_SHA, + "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_DHE_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_PSK_WITH_AES_128_CBC_SHA, + "TLS_DHE_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_PSK_WITH_AES_256_CBC_SHA, + "TLS_RSA_PSK_WITH_RC4_128_SHA": ztls.TLS_RSA_PSK_WITH_RC4_128_SHA, + "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_RSA_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_RSA_PSK_WITH_AES_128_CBC_SHA, + "TLS_RSA_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_RSA_PSK_WITH_AES_256_CBC_SHA, + "TLS_RSA_WITH_SEED_CBC_SHA": ztls.TLS_RSA_WITH_SEED_CBC_SHA, + "TLS_DH_DSS_WITH_SEED_CBC_SHA": ztls.TLS_DH_DSS_WITH_SEED_CBC_SHA, + "TLS_DH_RSA_WITH_SEED_CBC_SHA": ztls.TLS_DH_RSA_WITH_SEED_CBC_SHA, + "TLS_DHE_DSS_WITH_SEED_CBC_SHA": ztls.TLS_DHE_DSS_WITH_SEED_CBC_SHA, + "TLS_DHE_RSA_WITH_SEED_CBC_SHA": ztls.TLS_DHE_RSA_WITH_SEED_CBC_SHA, + "TLS_DH_ANON_WITH_SEED_CBC_SHA": ztls.TLS_DH_ANON_WITH_SEED_CBC_SHA, + "TLS_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_RSA_WITH_AES_128_GCM_SHA256, + "TLS_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_RSA_WITH_AES_256_GCM_SHA384, + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, + "TLS_DH_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_AES_128_GCM_SHA256, + "TLS_DH_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_AES_256_GCM_SHA384, + "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, + "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, + "TLS_DH_DSS_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_AES_128_GCM_SHA256, + "TLS_DH_DSS_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_AES_256_GCM_SHA384, + "TLS_DH_ANON_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_AES_128_GCM_SHA256, + "TLS_DH_ANON_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_AES_256_GCM_SHA384, + "TLS_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_PSK_WITH_AES_128_GCM_SHA256, + "TLS_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_PSK_WITH_AES_256_GCM_SHA384, + "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256, + "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, + "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256, + "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, + "TLS_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_PSK_WITH_AES_128_CBC_SHA256, + "TLS_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_PSK_WITH_AES_256_CBC_SHA384, + "TLS_PSK_WITH_NULL_SHA256": ztls.TLS_PSK_WITH_NULL_SHA256, + "TLS_PSK_WITH_NULL_SHA384": ztls.TLS_PSK_WITH_NULL_SHA384, + "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256, + "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, + "TLS_DHE_PSK_WITH_NULL_SHA256": ztls.TLS_DHE_PSK_WITH_NULL_SHA256, + "TLS_DHE_PSK_WITH_NULL_SHA384": ztls.TLS_DHE_PSK_WITH_NULL_SHA384, + "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256, + "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, + "TLS_RSA_PSK_WITH_NULL_SHA256": ztls.TLS_RSA_PSK_WITH_NULL_SHA256, + "TLS_RSA_PSK_WITH_NULL_SHA384": ztls.TLS_RSA_PSK_WITH_NULL_SHA384, + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256, + "TLS_RENEGO_PROTECTION_REQUEST": ztls.TLS_RENEGO_PROTECTION_REQUEST, + "TLS_FALLBACK_SCSV": ztls.TLS_FALLBACK_SCSV, + "TLS_ECDH_ECDSA_WITH_NULL_SHA": ztls.TLS_ECDH_ECDSA_WITH_NULL_SHA, + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA": ztls.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_NULL_SHA": ztls.TLS_ECDHE_ECDSA_WITH_NULL_SHA, + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": ztls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + "TLS_ECDH_RSA_WITH_NULL_SHA": ztls.TLS_ECDH_RSA_WITH_NULL_SHA, + "TLS_ECDH_RSA_WITH_RC4_128_SHA": ztls.TLS_ECDH_RSA_WITH_RC4_128_SHA, + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_RSA_WITH_NULL_SHA": ztls.TLS_ECDHE_RSA_WITH_NULL_SHA, + "TLS_ECDHE_RSA_WITH_RC4_128_SHA": ztls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + "TLS_ECDH_ANON_WITH_NULL_SHA": ztls.TLS_ECDH_ANON_WITH_NULL_SHA, + "TLS_ECDH_ANON_WITH_RC4_128_SHA": ztls.TLS_ECDH_ANON_WITH_RC4_128_SHA, + "TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDH_ANON_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_AES_128_CBC_SHA, + "TLS_ECDH_ANON_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_AES_256_CBC_SHA, + "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA, + "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, + "TLS_SRP_SHA_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_WITH_AES_128_CBC_SHA, + "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA, + "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA, + "TLS_SRP_SHA_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_WITH_AES_256_CBC_SHA, + "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA, + "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_PSK_WITH_RC4_128_SHA": ztls.TLS_ECDHE_PSK_WITH_RC4_128_SHA, + "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, + "TLS_ECDHE_PSK_WITH_NULL_SHA": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA, + "TLS_ECDHE_PSK_WITH_NULL_SHA256": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA256, + "TLS_ECDHE_PSK_WITH_NULL_SHA384": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA384, + "TLS_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256, + "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384, + "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256, + "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384, + "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256, + "TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, + "TLS_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256, + "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384, + "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256, + "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384, + "TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256, + "TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, + "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, + "TLS_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256, + "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, + "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256, + "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256, + "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, + "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256, + "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, + "TLS_RSA_WITH_AES_128_CCM": ztls.TLS_RSA_WITH_AES_128_CCM, + "TLS_RSA_WITH_AES_256_CCM": ztls.TLS_RSA_WITH_AES_256_CCM, + "TLS_DHE_RSA_WITH_AES_128_CCM": ztls.TLS_DHE_RSA_WITH_AES_128_CCM, + "TLS_DHE_RSA_WITH_AES_256_CCM": ztls.TLS_DHE_RSA_WITH_AES_256_CCM, + "TLS_RSA_WITH_AES_128_CCM_8": ztls.TLS_RSA_WITH_AES_128_CCM_8, + "TLS_RSA_WITH_AES_256_CCM_8": ztls.TLS_RSA_WITH_AES_256_CCM_8, + "TLS_DHE_RSA_WITH_AES_128_CCM_8": ztls.TLS_DHE_RSA_WITH_AES_128_CCM_8, + "TLS_DHE_RSA_WITH_AES_256_CCM_8": ztls.TLS_DHE_RSA_WITH_AES_256_CCM_8, + "TLS_PSK_WITH_AES_128_CCM": ztls.TLS_PSK_WITH_AES_128_CCM, + "TLS_PSK_WITH_AES_256_CCM": ztls.TLS_PSK_WITH_AES_256_CCM, + "TLS_DHE_PSK_WITH_AES_128_CCM": ztls.TLS_DHE_PSK_WITH_AES_128_CCM, + "TLS_DHE_PSK_WITH_AES_256_CCM": ztls.TLS_DHE_PSK_WITH_AES_256_CCM, + "TLS_PSK_WITH_AES_128_CCM_8": ztls.TLS_PSK_WITH_AES_128_CCM_8, + "TLS_PSK_WITH_AES_256_CCM_8": ztls.TLS_PSK_WITH_AES_256_CCM_8, + "TLS_PSK_DHE_WITH_AES_128_CCM_8": ztls.TLS_PSK_DHE_WITH_AES_128_CCM_8, + "TLS_PSK_DHE_WITH_AES_256_CCM_8": ztls.TLS_PSK_DHE_WITH_AES_256_CCM_8, + "TLS_ECDHE_ECDSA_WITH_AES_128_CCM": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM, + "TLS_ECDHE_ECDSA_WITH_AES_256_CCM": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CCM, + "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, + "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, + "TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD, + "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD, + "SSL_RSA_WITH_RC2_CBC_MD5": ztls.SSL_RSA_WITH_RC2_CBC_MD5, + "SSL_RSA_WITH_IDEA_CBC_MD5": ztls.SSL_RSA_WITH_IDEA_CBC_MD5, + "SSL_RSA_WITH_DES_CBC_MD5": ztls.SSL_RSA_WITH_DES_CBC_MD5, + "SSL_RSA_WITH_3DES_EDE_CBC_MD5": ztls.SSL_RSA_WITH_3DES_EDE_CBC_MD5, + "SSL_EN_RC2_128_CBC_WITH_MD5": ztls.SSL_EN_RC2_128_CBC_WITH_MD5, + "OP_PCL_TLS10_AES_128_CBC_SHA512": ztls.OP_PCL_TLS10_AES_128_CBC_SHA512, +} + +func toCiphers(items []string) ([]uint16, error) { + var convertedCiphers []uint16 + for _, item := range items { + zcipher, ok := ciphers[item] + if !ok { + return nil, fmt.Errorf("unsupported cipher suite: %s", item) + } + convertedCiphers = append(convertedCiphers, zcipher) + } + return convertedCiphers, nil +} diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index 2797acfef..e38b37d26 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -34,7 +34,10 @@ type Request struct { CompiledOperators *operators.Operators `yaml:"-"` // description: | // Address contains address for the request - Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"` + Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"` + MinVersion string `yaml:"min_version,omitempty"` + MaxVersion string `yaml:"max_version,omitempty"` + CiperSuites []string `yaml:"cipher_suites,omitempty"` // cache any variables that may be needed for operation. dialer *fastdialer.Dialer @@ -98,6 +101,28 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous addressToDial := string(finalAddress) config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} + if request.MinVersion != "" { + version, err := toVersion(request.MinVersion) + if err != nil { + return err + } + config.MinVersion = version + } + if request.MaxVersion != "" { + version, err := toVersion(request.MaxVersion) + if err != nil { + return err + } + config.MaxVersion = version + } + if len(config.CipherSuites) > 0 { + cipherSuites, err := toCiphers(request.CiperSuites) + if err != nil { + return err + } + config.CipherSuites = cipherSuites + } + conn, err := request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config) if err != nil { requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err) diff --git a/v2/pkg/protocols/ssl/version.go b/v2/pkg/protocols/ssl/version.go new file mode 100644 index 000000000..758b95d62 --- /dev/null +++ b/v2/pkg/protocols/ssl/version.go @@ -0,0 +1,23 @@ +package ssl + +import ( + "crypto/tls" + "fmt" + + ztls "github.com/zmap/zcrypto/tls" +) + +var versions = map[string]uint16{ + "sslv3": ztls.VersionSSL30, + "tls10": ztls.VersionTLS10, + "tls11": ztls.VersionTLS11, + "tls12": ztls.VersionTLS12, + "tls13": tls.VersionTLS13, +} + +func toVersion(item string) (uint16, error) { + if version, ok := versions[item]; ok { + return version, nil + } + return 0, fmt.Errorf("unsupported version: %s", item) +} From 449e4fa431a09e6d7501a2fd7ad7821fd4899fd4 Mon Sep 17 00:00:00 2001 From: mzack Date: Tue, 25 Jan 2022 13:26:22 +0100 Subject: [PATCH 03/10] using standard library for tls13 --- v2/pkg/protocols/ssl/ssl.go | 67 ++++++++++++++++++++++++++++++------- 1 file changed, 55 insertions(+), 12 deletions(-) diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index e38b37d26..d37a5a780 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -2,6 +2,7 @@ package ssl import ( "context" + "crypto/tls" "net" "net/url" "strings" @@ -34,9 +35,27 @@ type Request struct { CompiledOperators *operators.Operators `yaml:"-"` // description: | // Address contains address for the request - Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"` - MinVersion string `yaml:"min_version,omitempty"` - MaxVersion string `yaml:"max_version,omitempty"` + Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"` + // description: | + // Minimum tls version - auto if not specified. + // values: + // - "sslv3" + // - "tls10" + // - "tls11" + // - "tls12" + // - "tls13" + MinVersion string `yaml:"min_version,omitempty" jsonschema:"title=TLS version,description=Minimum tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"` + // description: | + // Max tls version - auto if not specified. + // values: + // - "sslv3" + // - "tls10" + // - "tls11" + // - "tls12" + // - "tls13" + MaxVersion string `yaml:"max_version,omitempty" jsonschema:"title=TLS version,description=Max tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"` + // description: | + // Client Cipher Suites - auto if not specified. CiperSuites []string `yaml:"cipher_suites,omitempty"` // cache any variables that may be needed for operation. @@ -99,31 +118,55 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous } addressToDial := string(finalAddress) - config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} + shouldUseZTLS := true + var minVersion, maxVersion uint16 if request.MinVersion != "" { version, err := toVersion(request.MinVersion) if err != nil { return err } - config.MinVersion = version + minVersion = version + shouldUseZTLS = minVersion != tls.VersionTLS13 } if request.MaxVersion != "" { version, err := toVersion(request.MaxVersion) if err != nil { return err } - config.MaxVersion = version + maxVersion = version } - if len(config.CipherSuites) > 0 { - cipherSuites, err := toCiphers(request.CiperSuites) - if err != nil { - return err + cipherSuites, err := toCiphers(request.CiperSuites) + if err != nil { + return err + } + var conn net.Conn + if shouldUseZTLS { + config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} + if minVersion > 0 { + config.MinVersion = minVersion } - config.CipherSuites = cipherSuites + if maxVersion > 0 { + config.MaxVersion = maxVersion + } + if len(config.CipherSuites) > 0 { + config.CipherSuites = cipherSuites + } + conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config) + } else { + config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname} + if minVersion > 0 { + config.MinVersion = minVersion + } + if maxVersion > 0 { + config.MaxVersion = maxVersion + } + if len(config.CipherSuites) > 0 { + config.CipherSuites = cipherSuites + } + conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config) } - conn, err := request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config) if err != nil { requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err) requestOptions.Progress.IncrementFailedRequestsBy(1) From a6798f37ad7fe209800babbc3c27484a69eb03ac Mon Sep 17 00:00:00 2001 From: mzack Date: Tue, 25 Jan 2022 20:48:21 +0100 Subject: [PATCH 04/10] making ztls global and optional --- v2/cmd/nuclei/main.go | 1 + v2/go.mod | 2 +- v2/go.sum | 2 + .../protocols/common/protocolstate/state.go | 1 + v2/pkg/protocols/ssl/ssl.go | 85 +++++++++++-------- v2/pkg/types/types.go | 2 + 6 files changed, 56 insertions(+), 37 deletions(-) diff --git a/v2/cmd/nuclei/main.go b/v2/cmd/nuclei/main.go index 2d645e696..8a63e5a65 100644 --- a/v2/cmd/nuclei/main.go +++ b/v2/cmd/nuclei/main.go @@ -134,6 +134,7 @@ on extensive configurability, massive extensibility and ease of use.`) flagSet.StringVarP(&options.ClientCertFile, "client-cert", "cc", "", "client certificate file (PEM-encoded) used for authenticating against scanned hosts"), flagSet.StringVarP(&options.ClientKeyFile, "client-key", "ck", "", "client key file (PEM-encoded) used for authenticating against scanned hosts"), flagSet.StringVarP(&options.ClientCAFile, "client-ca", "ca", "", "client certificate authority file (PEM-encoded) used for authenticating against scanned hosts"), + flagSet.BoolVar(&options.ZTLS, "ztls", false, "Use ztls library with autofallback to standard one for tls13"), ) createGroup(flagSet, "interactsh", "interactsh", diff --git a/v2/go.mod b/v2/go.mod index e00143d86..2fc02576e 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -27,7 +27,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.8 github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143 - github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de + github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7 github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 github.com/projectdiscovery/fileutil v0.0.0-20210928100737-cab279c5d4b5 github.com/projectdiscovery/goflags v0.0.8-0.20211028121123-edf02bc05b1a diff --git a/v2/go.sum b/v2/go.sum index 8ee376e27..a7b856a3c 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -412,6 +412,8 @@ github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143/go.mod github.com/projectdiscovery/fastdialer v0.0.12/go.mod h1:RkRbxqDCcCFhfNUbkzBIz/ieD4uda2JuUA4WJ+RLee0= github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de h1:9vQIzE3cDZvgLoxeGSHrR6gK8F3Grs6Kb0hDzdZdoiQ= github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= +github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7 h1:Q0vxiaBjfXDhdhPOZeuq5DypHxr1g9VMagtVt1YUZCs= +github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 h1:NwD1R/du1dqrRKN3SJl9kT6tN3K9puuWFXEvYF2ihew= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08/go.mod h1:paLCnwV8sL7ppqIwVQodQrk3F6mnWafwTDwRd7ywZwQ= github.com/projectdiscovery/fileutil v0.0.0-20210804142714-ebba15fa53ca/go.mod h1:U+QCpQnX8o2N2w0VUGyAzjM3yBAe4BKedVElxiImsx0= diff --git a/v2/pkg/protocols/common/protocolstate/state.go b/v2/pkg/protocols/common/protocolstate/state.go index 28c9df525..a2fc4db8c 100644 --- a/v2/pkg/protocols/common/protocolstate/state.go +++ b/v2/pkg/protocols/common/protocolstate/state.go @@ -20,6 +20,7 @@ func Init(options *types.Options) error { opts.BaseResolvers = options.InternalResolversList } opts.WithDialerHistory = true + opts.WithZTLS = options.ZTLS dialer, err := fastdialer.NewDialer(opts) if err != nil { return errors.Wrap(err, "could not create dialer") diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index d37a5a780..dc4d2f1b6 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -55,7 +55,7 @@ type Request struct { // - "tls13" MaxVersion string `yaml:"max_version,omitempty" jsonschema:"title=TLS version,description=Max tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"` // description: | - // Client Cipher Suites - auto if not specified. + // Client Cipher Suites - auto if not specified. CiperSuites []string `yaml:"cipher_suites,omitempty"` // cache any variables that may be needed for operation. @@ -118,8 +118,6 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous } addressToDial := string(finalAddress) - shouldUseZTLS := true - var minVersion, maxVersion uint16 if request.MinVersion != "" { version, err := toVersion(request.MinVersion) @@ -127,7 +125,6 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous return err } minVersion = version - shouldUseZTLS = minVersion != tls.VersionTLS13 } if request.MaxVersion != "" { version, err := toVersion(request.MaxVersion) @@ -141,28 +138,24 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous return err } var conn net.Conn - if shouldUseZTLS { - config := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} - if minVersion > 0 { - config.MinVersion = minVersion - } - if maxVersion > 0 { - config.MaxVersion = maxVersion - } - if len(config.CipherSuites) > 0 { - config.CipherSuites = cipherSuites - } - conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, config) + zconfig := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} + if minVersion > 0 { + zconfig.MinVersion = minVersion + } + if maxVersion > 0 { + zconfig.MaxVersion = maxVersion + } + if len(zconfig.CipherSuites) > 0 { + zconfig.CipherSuites = cipherSuites + } + + if request.options.Options.ZTLS { + conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, zconfig) } else { - config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname} - if minVersion > 0 { - config.MinVersion = minVersion - } - if maxVersion > 0 { - config.MaxVersion = maxVersion - } - if len(config.CipherSuites) > 0 { - config.CipherSuites = cipherSuites + var config *tls.Config + config, err = fastdialer.AsTLSConfig(zconfig) + if err != nil { + return err } conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config) } @@ -175,10 +168,6 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous defer conn.Close() _ = conn.SetReadDeadline(time.Now().Add(time.Duration(requestOptions.Options.Timeout) * time.Second)) - connTLS, ok := conn.(*ztls.Conn) - if !ok { - return nil - } requestOptions.Output.Request(requestOptions.TemplateID, address, request.Type().String(), err) gologger.Verbose().Msgf("Sent SSL request to %s", address) @@ -186,23 +175,47 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous gologger.Debug().Str("address", input).Msgf("[%s] Dumped SSL request for %s", requestOptions.TemplateID, input) } - state := connTLS.ConnectionState() - if len(state.PeerCertificates) == 0 { - return nil + var ( + tlsData interface{} + certNotAfter int64 + ) + if request.options.Options.ZTLS { + connTLS, ok := conn.(*ztls.Conn) + if !ok { + return nil + } + state := connTLS.ConnectionState() + if len(state.PeerCertificates) == 0 { + return nil + } + + tlsData = cryptoutil.ZTLSGrab(connTLS) + cert := connTLS.ConnectionState().PeerCertificates[0] + certNotAfter = cert.NotAfter.Unix() + } else { + connTLS, ok := conn.(*tls.Conn) + if !ok { + return nil + } + state := connTLS.ConnectionState() + if len(state.PeerCertificates) == 0 { + return nil + } + tlsData = cryptoutil.TLSGrab(&state) + cert := connTLS.ConnectionState().PeerCertificates[0] + certNotAfter = cert.NotAfter.Unix() } - ztlsData := cryptoutil.ZTLSGrab(connTLS) - jsonData, _ := jsoniter.Marshal(ztlsData) + jsonData, _ := jsoniter.Marshal(tlsData) jsonDataString := string(jsonData) data := make(map[string]interface{}) - cert := connTLS.ConnectionState().PeerCertificates[0] data["type"] = request.Type().String() data["response"] = jsonDataString data["host"] = input data["matched"] = addressToDial - data["not_after"] = float64(cert.NotAfter.Unix()) + data["not_after"] = float64(certNotAfter) data["ip"] = request.dialer.GetDialedIP(hostname) event := eventcreator.CreateEvent(request, data, requestOptions.Options.Debug || requestOptions.Options.DebugResponse) diff --git a/v2/pkg/types/types.go b/v2/pkg/types/types.go index 64588f32c..fcccd8822 100644 --- a/v2/pkg/types/types.go +++ b/v2/pkg/types/types.go @@ -194,6 +194,8 @@ type Options struct { ClientKeyFile string // ClientCAFile client certificate authority file (PEM-encoded) used for authenticating against scanned hosts ClientCAFile string + // Use ZTLS library + ZTLS bool } func (options *Options) AddVarPayload(key string, value interface{}) { From e7655f1df0771d1d9ed080b4bad56dfe896429ea Mon Sep 17 00:00:00 2001 From: mzack Date: Tue, 25 Jan 2022 20:57:54 +0100 Subject: [PATCH 05/10] fixing tls config generation --- v2/pkg/protocols/ssl/ssl.go | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index dc4d2f1b6..996acd124 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -138,24 +138,29 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous return err } var conn net.Conn - zconfig := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} - if minVersion > 0 { - zconfig.MinVersion = minVersion - } - if maxVersion > 0 { - zconfig.MaxVersion = maxVersion - } - if len(zconfig.CipherSuites) > 0 { - zconfig.CipherSuites = cipherSuites - } if request.options.Options.ZTLS { + zconfig := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname} + if minVersion > 0 { + zconfig.MinVersion = minVersion + } + if maxVersion > 0 { + zconfig.MaxVersion = maxVersion + } + if len(zconfig.CipherSuites) > 0 { + zconfig.CipherSuites = cipherSuites + } conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, zconfig) } else { - var config *tls.Config - config, err = fastdialer.AsTLSConfig(zconfig) - if err != nil { - return err + config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname} + if minVersion > 0 { + config.MinVersion = minVersion + } + if maxVersion > 0 { + config.MaxVersion = maxVersion + } + if len(config.CipherSuites) > 0 { + config.CipherSuites = cipherSuites } conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config) } From cd3dba5a56c458a67d47079553477863a927066f Mon Sep 17 00:00:00 2001 From: mzack Date: Thu, 27 Jan 2022 20:34:43 +0100 Subject: [PATCH 06/10] updating fastdialer --- v2/go.mod | 2 +- v2/go.sum | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/v2/go.mod b/v2/go.mod index 2fc02576e..27334a2ea 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -27,7 +27,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.8 github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143 - github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7 + github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47 github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 github.com/projectdiscovery/fileutil v0.0.0-20210928100737-cab279c5d4b5 github.com/projectdiscovery/goflags v0.0.8-0.20211028121123-edf02bc05b1a diff --git a/v2/go.sum b/v2/go.sum index a7b856a3c..ec92a7143 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -414,6 +414,8 @@ github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de h1: github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7 h1:Q0vxiaBjfXDhdhPOZeuq5DypHxr1g9VMagtVt1YUZCs= github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= +github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47 h1:TUsZiwez9uFmph1hlTsiH7rdB+wi4524+lMuV2z6FaM= +github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47/go.mod h1:GbQvP1ezGlQn0af3lVcl08b5eRQu960T7A9pwazybSo= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 h1:NwD1R/du1dqrRKN3SJl9kT6tN3K9puuWFXEvYF2ihew= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08/go.mod h1:paLCnwV8sL7ppqIwVQodQrk3F6mnWafwTDwRd7ywZwQ= github.com/projectdiscovery/fileutil v0.0.0-20210804142714-ebba15fa53ca/go.mod h1:U+QCpQnX8o2N2w0VUGyAzjM3yBAe4BKedVElxiImsx0= @@ -542,6 +544,7 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6/go.mod h1:h8272+G2omSmi30fBXiZDMkmHuOgonplfKIKjQWzlfs= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasttemplate v1.2.1 h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4= From 9eff05b99f81ae26afdbdf972ccd10654ce4a1f5 Mon Sep 17 00:00:00 2001 From: mzack Date: Thu, 27 Jan 2022 20:36:29 +0100 Subject: [PATCH 07/10] updating deps --- v2/go.mod | 1 + v2/go.sum | 6 +----- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index 27334a2ea..4c4538ec1 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -136,6 +136,7 @@ require ( github.com/tklauser/numcpus v0.3.0 // indirect github.com/trivago/tgo v1.0.7 // indirect github.com/ulikunitz/xz v0.5.10 // indirect + github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/yl2chen/cidranger v1.0.2 // indirect github.com/ysmood/goob v0.3.0 // indirect diff --git a/v2/go.sum b/v2/go.sum index ec92a7143..529551016 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -405,15 +405,10 @@ github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e h1:7bwa github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e/go.mod h1:/IsapnEYiWG+yEDPXp0e8NWj3npzB9Ccy9lXEUJwMZs= github.com/projectdiscovery/clistats v0.0.8 h1:tjmWb15mqsPf/yrQXVHLe2ThZX/5+mgKSfZBKWWLh20= github.com/projectdiscovery/clistats v0.0.8/go.mod h1:lV6jUHAv2bYWqrQstqW8iVIydKJhWlVaLl3Xo9ioVGg= -github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345 h1:jT6f/cdOpLkp9GAfRrxk57BUjYfIrR8E+AjMv5H5U4U= github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345/go.mod h1:clhQmPnt35ziJW1AhJRKyu8aygXCSoyWj6dtmZBRjjc= github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143 h1:ulWFeH179xgDUfNQT/LyimW1znNlivsqv2d/lNFZU30= github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143/go.mod h1:VJvSNE8f8A1MgpjgAL2GPJSQcJa4jbdaeQJstARFrU4= github.com/projectdiscovery/fastdialer v0.0.12/go.mod h1:RkRbxqDCcCFhfNUbkzBIz/ieD4uda2JuUA4WJ+RLee0= -github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de h1:9vQIzE3cDZvgLoxeGSHrR6gK8F3Grs6Kb0hDzdZdoiQ= -github.com/projectdiscovery/fastdialer v0.0.15-0.20220124150833-4b108b8258de/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= -github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7 h1:Q0vxiaBjfXDhdhPOZeuq5DypHxr1g9VMagtVt1YUZCs= -github.com/projectdiscovery/fastdialer v0.0.15-0.20220125194529-ae3cd418e3e7/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII= github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47 h1:TUsZiwez9uFmph1hlTsiH7rdB+wi4524+lMuV2z6FaM= github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47/go.mod h1:GbQvP1ezGlQn0af3lVcl08b5eRQu960T7A9pwazybSo= github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 h1:NwD1R/du1dqrRKN3SJl9kT6tN3K9puuWFXEvYF2ihew= @@ -544,6 +539,7 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 h1:TtyC78WMafNW8QFfv3TeP3yWNDG+uxNkk9vOrnDu6JA= github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6/go.mod h1:h8272+G2omSmi30fBXiZDMkmHuOgonplfKIKjQWzlfs= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= From 19d2b80a1c8266d666700c306bffc514b7ae57a4 Mon Sep 17 00:00:00 2001 From: mzack Date: Thu, 27 Jan 2022 21:29:28 +0100 Subject: [PATCH 08/10] adding ssl test cases + tcpserver refactor --- integration_tests/ssl/basic-ztls.yaml | 15 ++++++ integration_tests/ssl/basic.yaml | 13 +++++ v2/cmd/integration-test/http.go | 2 +- v2/cmd/integration-test/integration-test.go | 1 + v2/cmd/integration-test/network.go | 8 +-- v2/cmd/integration-test/ssl.go | 54 +++++++++++++++++++++ v2/pkg/testutils/integration.go | 48 +++++++++++++++--- 7 files changed, 129 insertions(+), 12 deletions(-) create mode 100644 integration_tests/ssl/basic-ztls.yaml create mode 100644 integration_tests/ssl/basic.yaml create mode 100644 v2/cmd/integration-test/ssl.go diff --git a/integration_tests/ssl/basic-ztls.yaml b/integration_tests/ssl/basic-ztls.yaml new file mode 100644 index 000000000..dcb023298 --- /dev/null +++ b/integration_tests/ssl/basic-ztls.yaml @@ -0,0 +1,15 @@ +id: basic-ssl-tls + +info: + name: Basic SSL Request with ztls + author: pdteam + severity: info + +ssl: + - address: "{{Host}}:{{Port}}" + min_version: sslv3 + max_version: tls12 + matchers: + - type: dsl + dsl: + - "not_after>=0" diff --git a/integration_tests/ssl/basic.yaml b/integration_tests/ssl/basic.yaml new file mode 100644 index 000000000..83dae1f4a --- /dev/null +++ b/integration_tests/ssl/basic.yaml @@ -0,0 +1,13 @@ +id: expired-ssl + +info: + name: Basic SSL Request + author: pdteam + severity: info + +ssl: + - address: "{{Host}}:{{Port}}" + matchers: + - type: dsl + dsl: + - "not_after>=0" diff --git a/v2/cmd/integration-test/http.go b/v2/cmd/integration-test/http.go index 5f7f5ae8c..90a776ba0 100644 --- a/v2/cmd/integration-test/http.go +++ b/v2/cmd/integration-test/http.go @@ -552,7 +552,7 @@ type httpRawUnsafeRequest struct{} func (h *httpRawUnsafeRequest) Execute(filePath string) error { var routerErr error - ts := testutils.NewTCPServer(func(conn net.Conn) { + ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) { defer conn.Close() _, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 36\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nThis is test raw-unsafe-matcher test")) }) diff --git a/v2/cmd/integration-test/integration-test.go b/v2/cmd/integration-test/integration-test.go index 4bbed10a1..c0140a7a0 100644 --- a/v2/cmd/integration-test/integration-test.go +++ b/v2/cmd/integration-test/integration-test.go @@ -27,6 +27,7 @@ var ( "websocket": websocketTestCases, "headless": headlessTestcases, "whois": whoisTestCases, + "ssl": sslTestcases, } ) diff --git a/v2/cmd/integration-test/network.go b/v2/cmd/integration-test/network.go index 52d78b347..e959cf3a3 100644 --- a/v2/cmd/integration-test/network.go +++ b/v2/cmd/integration-test/network.go @@ -21,7 +21,7 @@ type networkBasic struct{} func (h *networkBasic) Execute(filePath string) error { var routerErr error - ts := testutils.NewTCPServer(func(conn net.Conn) { + ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) { defer conn.Close() data := make([]byte, 4) @@ -52,7 +52,7 @@ type networkMultiStep struct{} func (h *networkMultiStep) Execute(filePath string) error { var routerErr error - ts := testutils.NewTCPServer(func(conn net.Conn) { + ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) { defer conn.Close() data := make([]byte, 5) @@ -100,11 +100,11 @@ type networkRequestSelContained struct{} func (h *networkRequestSelContained) Execute(filePath string) error { var routerErr error - ts := testutils.NewTCPServer(func(conn net.Conn) { + ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) { defer conn.Close() _, _ = conn.Write([]byte("Authentication successful")) - }, defaultStaticPort) + }) defer ts.Close() results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "", debug) if err != nil { diff --git a/v2/cmd/integration-test/ssl.go b/v2/cmd/integration-test/ssl.go new file mode 100644 index 000000000..2c389e6a6 --- /dev/null +++ b/v2/cmd/integration-test/ssl.go @@ -0,0 +1,54 @@ +package main + +import ( + "net" + + "github.com/projectdiscovery/nuclei/v2/pkg/testutils" +) + +var sslTestcases = map[string]testutils.TestCase{ + "ssl/basic.yaml": &sslBasic{}, + "ssl/basic-ztls.yaml": &sslBasicZtls{}, +} + +type sslBasic struct{} + +// Execute executes a test case and returns an error if occurred +func (h *sslBasic) Execute(filePath string) error { + ts := testutils.NewTCPServer(true, defaultStaticPort, func(conn net.Conn) { + defer conn.Close() + data := make([]byte, 4) + if _, err := conn.Read(data); err != nil { + return + } + }) + defer ts.Close() + + results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug) + if err != nil { + return err + } + + return expectResultsCount(results, 1) +} + +type sslBasicZtls struct{} + +// Execute executes a test case and returns an error if occurred +func (h *sslBasicZtls) Execute(filePath string) error { + ts := testutils.NewTCPServer(true, defaultStaticPort, func(conn net.Conn) { + defer conn.Close() + data := make([]byte, 4) + if _, err := conn.Read(data); err != nil { + return + } + }) + defer ts.Close() + + results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug, "-ztls") + if err != nil { + return err + } + + return expectResultsCount(results, 1) +} diff --git a/v2/pkg/testutils/integration.go b/v2/pkg/testutils/integration.go index 3590dba16..8db6b26a8 100644 --- a/v2/pkg/testutils/integration.go +++ b/v2/pkg/testutils/integration.go @@ -1,6 +1,7 @@ package testutils import ( + "crypto/tls" "errors" "fmt" "net" @@ -97,21 +98,49 @@ type TCPServer struct { listener net.Listener } +// keys taken from https://pascal.bach.ch/2015/12/17/from-tcp-to-tls-in-go/ +const serverKey = `-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHg+g2unjA5BkDtXSN9ShN7kbPlbCcqcYdDu+QeV8XWuoAoGCCqGSM49 +AwEHoUQDQgAEcZpodWh3SEs5Hh3rrEiu1LZOYSaNIWO34MgRxvqwz1FMpLxNlx0G +cSqrxhPubawptX5MSr02ft32kfOlYbaF5Q== +-----END EC PRIVATE KEY----- +` + +const serverCert = `-----BEGIN CERTIFICATE----- +MIIB+TCCAZ+gAwIBAgIJAL05LKXo6PrrMAoGCCqGSM49BAMCMFkxCzAJBgNVBAYT +AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn +aXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTEyMDgxNDAxMTNa +Fw0yNTEyMDUxNDAxMTNaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 +YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMM +CWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHGaaHVod0hLOR4d +66xIrtS2TmEmjSFjt+DIEcb6sM9RTKS8TZcdBnEqq8YT7m2sKbV+TEq9Nn7d9pHz +pWG2heWjUDBOMB0GA1UdDgQWBBR0fqrecDJ44D/fiYJiOeBzfoqEijAfBgNVHSME +GDAWgBR0fqrecDJ44D/fiYJiOeBzfoqEijAMBgNVHRMEBTADAQH/MAoGCCqGSM49 +BAMCA0gAMEUCIEKzVMF3JqjQjuM2rX7Rx8hancI5KJhwfeKu1xbyR7XaAiEA2UT7 +1xOP035EcraRmWPe7tO0LpXgMxlh2VItpc2uc2w= +-----END CERTIFICATE----- +` + // NewTCPServer creates a new TCP server from a handler -func NewTCPServer(handler func(conn net.Conn), port ...int) *TCPServer { +func NewTCPServer(withTls bool, port int, handler func(conn net.Conn)) *TCPServer { server := &TCPServer{} - var gotPort int - if len(port) > 0 { - gotPort = port[0] - } - l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", gotPort)) + l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)) if err != nil { panic(err) } server.URL = l.Addr().String() server.listener = l + cer, err := tls.X509KeyPair([]byte(serverCert), []byte(serverKey)) + if err != nil { + panic(err) + } + config := &tls.Config{Certificates: []tls.Certificate{cer}} + go func() { for { // Listen for an incoming connection. @@ -120,7 +149,12 @@ func NewTCPServer(handler func(conn net.Conn), port ...int) *TCPServer { continue } // Handle connections in a new goroutine. - go handler(conn) + if withTls { + connTls := tls.Server(conn, config) + go handler(connTls) + } else { + go handler(conn) + } } }() return server From 672d21cce7fdc48f66c8f0b4eb10c4d41574d19a Mon Sep 17 00:00:00 2001 From: mzack Date: Thu, 27 Jan 2022 23:16:47 +0100 Subject: [PATCH 09/10] using self-generated certificate --- v2/pkg/testutils/integration.go | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/v2/pkg/testutils/integration.go b/v2/pkg/testutils/integration.go index 8db6b26a8..f8bfcae9c 100644 --- a/v2/pkg/testutils/integration.go +++ b/v2/pkg/testutils/integration.go @@ -100,27 +100,29 @@ type TCPServer struct { // keys taken from https://pascal.bach.ch/2015/12/17/from-tcp-to-tls-in-go/ const serverKey = `-----BEGIN EC PARAMETERS----- -BggqhkjOPQMBBw== +BgUrgQQAIg== -----END EC PARAMETERS----- -----BEGIN EC PRIVATE KEY----- -MHcCAQEEIHg+g2unjA5BkDtXSN9ShN7kbPlbCcqcYdDu+QeV8XWuoAoGCCqGSM49 -AwEHoUQDQgAEcZpodWh3SEs5Hh3rrEiu1LZOYSaNIWO34MgRxvqwz1FMpLxNlx0G -cSqrxhPubawptX5MSr02ft32kfOlYbaF5Q== +MIGkAgEBBDBJazGwuqgOLsCMr7P56w26JBEHQokiuAy2iCQfCnmOWm7S9FveQ/DP +qB69zvUPs26gBwYFK4EEACKhZANiAARehvy96ygCAsJ6iQvthzl/Nvq4P3c4MGyx +UMLMe0L10OCxeCl5ZY2CuFf8UnBgV1u414U4+yjIrS57w1/3utBKC9TVRGj+Vcls +2NZ4+8Jh6/M/Jf/Mpd8QyIy0WesEUM4= -----END EC PRIVATE KEY----- ` const serverCert = `-----BEGIN CERTIFICATE----- -MIIB+TCCAZ+gAwIBAgIJAL05LKXo6PrrMAoGCCqGSM49BAMCMFkxCzAJBgNVBAYT -AkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRn -aXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xNTEyMDgxNDAxMTNa -Fw0yNTEyMDUxNDAxMTNaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 -YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMM -CWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHGaaHVod0hLOR4d -66xIrtS2TmEmjSFjt+DIEcb6sM9RTKS8TZcdBnEqq8YT7m2sKbV+TEq9Nn7d9pHz -pWG2heWjUDBOMB0GA1UdDgQWBBR0fqrecDJ44D/fiYJiOeBzfoqEijAfBgNVHSME -GDAWgBR0fqrecDJ44D/fiYJiOeBzfoqEijAMBgNVHRMEBTADAQH/MAoGCCqGSM49 -BAMCA0gAMEUCIEKzVMF3JqjQjuM2rX7Rx8hancI5KJhwfeKu1xbyR7XaAiEA2UT7 -1xOP035EcraRmWPe7tO0LpXgMxlh2VItpc2uc2w= +MIICJDCCAakCCQDFa0/D9jJw6DAKBggqhkjOPQQDAjB7MQswCQYDVQQGEwJVUzEP +MA0GA1UECAwGcGRsYW5kMQ8wDQYDVQQHDAZwZGNpdHkxCzAJBgNVBAoMAnBkMQsw +CQYDVQQLDAJwZDELMAkGA1UEAwwCcGQxIzAhBgkqhkiG9w0BCQEWFGFueXRoaW5n +QGFueXRoaW5nLnBkMB4XDTIyMDEyNzIyMDUwNFoXDTMyMDEyNTIyMDUwNFowezEL +MAkGA1UEBhMCVVMxDzANBgNVBAgMBnBkbGFuZDEPMA0GA1UEBwwGcGRjaXR5MQsw +CQYDVQQKDAJwZDELMAkGA1UECwwCcGQxCzAJBgNVBAMMAnBkMSMwIQYJKoZIhvcN +AQkBFhRhbnl0aGluZ0Bhbnl0aGluZy5wZDB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BF6G/L3rKAICwnqJC+2HOX82+rg/dzgwbLFQwsx7QvXQ4LF4KXlljYK4V/xScGBX +W7jXhTj7KMitLnvDX/e60EoL1NVEaP5VyWzY1nj7wmHr8z8l/8yl3xDIjLRZ6wRQ +zjAKBggqhkjOPQQDAgNpADBmAjEAgxGPbjRlhz+1Scmr6RU9VbzVJWN8KCsTTpx7 +pqfmKpJ29UYReZN+fm/6fc5vkv1rAjEAkTuTf8ARSn1UiKlCTTDQVtCoRcMVLQQp +TCxxGzcAlUAAJE6+SJpY7fPRe+n2EvPS -----END CERTIFICATE----- ` From acfe35eda923a8d986744dfe762c9fcc7a0bf72d Mon Sep 17 00:00:00 2001 From: mzack Date: Fri, 4 Feb 2022 07:22:10 +0100 Subject: [PATCH 10/10] fixing cipher suites selection --- v2/pkg/protocols/ssl/ssl.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v2/pkg/protocols/ssl/ssl.go b/v2/pkg/protocols/ssl/ssl.go index 996acd124..74ae29663 100644 --- a/v2/pkg/protocols/ssl/ssl.go +++ b/v2/pkg/protocols/ssl/ssl.go @@ -147,7 +147,7 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous if maxVersion > 0 { zconfig.MaxVersion = maxVersion } - if len(zconfig.CipherSuites) > 0 { + if len(cipherSuites) > 0 { zconfig.CipherSuites = cipherSuites } conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, zconfig) @@ -159,7 +159,7 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous if maxVersion > 0 { config.MaxVersion = maxVersion } - if len(config.CipherSuites) > 0 { + if len(cipherSuites) > 0 { config.CipherSuites = cipherSuites } conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config)