tests

Author: DeagleGross

src/Servers/Kestrel/Core/src/Middleware/TlsListenerMiddleware.cs

@@ -134,8 +134,7 @@ private static ClientHelloParseState TryParseClientHello(ReadOnlySequence<byte>
     }
 
     private static bool IsValidProtocolVersion(short version)
-        => version is 0x0002  // SSL 2.0 (0x0002)
-                   or 0x0300  // SSL 3.0 (0x0300)
+        => version is 0x0300  // SSL 3.0 (0x0300)
                    or 0x0301  // TLS 1.0 (0x0301)
                    or 0x0302  // TLS 1.1 (0x0302)
                    or 0x0303  // TLS 1.2 (0x0303)

src/Servers/Kestrel/Core/test/TlsListenerMiddlewareTests.cs

@@ -278,99 +278,64 @@ public static IEnumerable<object[]> InvalidClientHelloData_Segmented()
         0
     };
 
-    private static byte[] valid_ClientHelloStandard =
+    private static byte[] valid_Ssl3ClientHello =
     {
-        // SslPlainText.(ContentType+ProtocolVersion)
-        0x16, 0x03, 0x03,
-        // SslPlainText.length
-        0x00, 0xCB,
-        // Handshake.msg_type (client hello)
-        0x01,
-        // Handshake.length
-        0x00, 0x00, 0xC7,
-        // ClientHello.client_version
-        0x03, 0x03,
-        // ClientHello.random
-        0x0C, 0x3C, 0x85, 0x78, 0xCA,
-        0x67, 0x70, 0xAA, 0x38, 0xCB,
-        0x28, 0xBC, 0xDC, 0x3E, 0x30,
-        0xBF, 0x11, 0x96, 0x95, 0x1A,
-        0xB9, 0xF0, 0x99, 0xA4, 0x91,
-        0x09, 0x13, 0xB4, 0x89, 0x94,
-        0x27, 0x2E,
-        // ClientHello.SessionId
-        0x00,
-        // ClientHello.cipher_suites
-        0x00, 0x2A, 0xC0, 0x2C, 0xC0,
-        0x2B, 0xC0, 0x30, 0xC0, 0x2F,
-        0x00, 0x9F, 0x00, 0x9E, 0xC0,
-        0x24, 0xC0, 0x23, 0xC0, 0x28,
-        0xC0, 0x27, 0xC0, 0x0A, 0xC0,
-        0x09, 0xC0, 0x14, 0xC0, 0x13,
-        0x00, 0x9D, 0x00, 0x9C, 0x00,
-        0x3D, 0x00, 0x3C, 0x00, 0x35,
-        0x00, 0x2F, 0x00, 0x0A,
-        // ClientHello.compression_methods
-        0x01, 0x01,
-        // ClientHello.extension_list_length
-        0x00, 0x74,
-        // Extension.extension_type (server_name)
-        0x00, 0x00,
-        // ServerNameListExtension.length
-        0x00, 0x39,
-        // ServerName.length
-        0x00, 0x37,
-        // ServerName.type
-        0x00,
-        // HostName.length
-        0x00, 0x34,
-        // HostName.bytes
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61, 0x61, 0x61, 0x61,
-        0x61, 0x61,
-        // Extension.extension_type (00 0A)
-        0x00, 0x0A,
-        // Extension 0A
-        0x00, 0x08, 0x00, 0x06, 0x00,
-        0x1D, 0x00, 0x17, 0x00, 0x18,
-        // Extension.extension_type (00 0B)
-        0x00, 0x0B,
-        // Extension 0B
-        0x00, 0x02, 0x01, 0x00,
-        // Extension.extension_type (00 0D)
-        0x00, 0x0D,
-        // Extension 0D
-        0x00, 0x14, 0x00, 0x12, 0x04,
-        0x01, 0x05, 0x01, 0x02, 0x01,
-        0x04, 0x03, 0x05, 0x03, 0x02,
-        0x03, 0x02, 0x02, 0x06, 0x01,
-        0x06, 0x03,
-        // Extension.extension_type (00 23)
-        0x00, 0x23,
-        // Extension 00 23
-        0x00, 0x00,
-        // Extension.extension_type (00 17)
-        0x00, 0x17,
-        // Extension 17
-        0x00, 0x00,
-        // Extension.extension_type (FF 01)
-        0xFF, 0x01,
-        // Extension FF01
-        0x00, 0x01, 0x00
+        0x16, 0x03, 0x00,             // ContentType: Handshake, Version: SSL 3.0
+        0x00, 0x2F,                   // Length: 47 bytes
+        0x01,                         // Handshake Type: ClientHello
+        0x00, 0x00, 0x2B,             // Length: 43 bytes
+        0x03, 0x00,                   // Client Version: SSL 3.0
+        // Random (32 bytes)
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+        0x00,                         // Session ID Length
+        0x00, 0x04,                   // Cipher Suites Length
+        0x00, 0x2F, 0x00, 0x35,       // Cipher Suites
+        0x01, 0x00                    // Compression Methods: null
+    };
+
+    private static byte[] valid_Tls10ClientHello =
+    {
+        0x16, 0x03, 0x01,             // ContentType: Handshake, Version: TLS 1.0
+        0x00, 0x2F,                   // Length: 47 bytes
+        0x01,                         // Handshake Type: ClientHello
+        0x00, 0x00, 0x2B,             // Length: 43 bytes
+        0x03, 0x01,                   // Client Version: TLS 1.0
+        // Random (32 bytes)
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+        0x00,                         // Session ID Length
+        0x00, 0x04,                   // Cipher Suites Length
+        0x00, 0x2F, 0x00, 0x35,       // Cipher Suites
+        0x01, 0x00                    // Compression Methods: null
+    };
+
+    private static byte[] valid_Tls11ClientHello =
+    {
+        0x16, 0x03, 0x02,             // ContentType: Handshake, Version: TLS 1.1
+        0x00, 0x2F,                   // Length: 47 bytes
+        0x01,                         // Handshake Type: ClientHello
+        0x00, 0x00, 0x2B,             // Length: 43 bytes
+        0x03, 0x02,                   // Client Version: TLS 1.1
+        // Random (32 bytes)
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F,
+        0x00,                         // Session ID Length
+        0x00, 0x04,                   // Cipher Suites Length
+        0x00, 0x2F, 0x00, 0x35,       // Cipher Suites: TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA
+        0x01, 0x00                    // Compression Methods: null
     };
 
     private static byte[] valid_Tls12ClientHello =
     {
         // SslPlainText.(ContentType+ProtocolVersion)
-        0x16, 0x03, 0x01,
+        0x16, 0x03, 0x03,
         // SslPlainText.length
         0x00, 0xD1,
         // Handshake.msg_type (client hello)
@@ -429,7 +394,7 @@ public static IEnumerable<object[]> InvalidClientHelloData_Segmented()
     private static byte[] valid_Tls13ClientHello =
     {
         // SslPlainText.(ContentType+ProtocolVersion)
-        0x16, 0x03, 0x01,
+        0x16, 0x03, 0x04,
         // SslPlainText.length
         0x01, 0x08,
         // Handshake.msg_type (client hello)
@@ -591,7 +556,9 @@ public static IEnumerable<object[]> InvalidClientHelloData_Segmented()
 
     private static List<byte[]> valid_collection = new List<byte[]>()
     {
-        valid_clientHelloHeader, valid_ClientHelloStandard, valid_Tls12ClientHello, valid_Tls13ClientHello, valid_TlsClientHelloNoExtensions
+        valid_clientHelloHeader, valid_Ssl3ClientHello, valid_Tls10ClientHello,
+        valid_Tls11ClientHello, valid_Tls12ClientHello, valid_Tls13ClientHello,
+        valid_TlsClientHelloNoExtensions
     };
 
     private static List<byte[]> invalid_collection = new List<byte[]>()