Merge pull request #727 from tls-attacker/anvil-fixes

Conradowatz · web-flow · commit 525dcdbd8f78 · 2025-07-03T11:46:41.000+02:00
doNotSendSNI parameter and record length test
diff --git a/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/RecordFragmentationProbe.java b/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/RecordFragmentationProbe.java
@@ -28,20 +28,37 @@
 import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
 import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
 import de.rub.nds.tlsscanner.core.probe.requirements.ProtocolTypeFalseRequirement;
+import java.util.List;
 
 public class RecordFragmentationProbe extends TlsClientProbe {
-    private TestResult result = TestResults.COULD_NOT_TEST;
+
+    private TestResult supportsFragmentation = TestResults.COULD_NOT_TEST;
+    private int minRecordLength = 16384;
 
     public RecordFragmentationProbe(
             ParallelExecutor parallelExecutor, ClientScannerConfig scannerConfig) {
         super(parallelExecutor, TlsProbeType.RECORD_FRAGMENTATION, scannerConfig);
         register(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION);
+        register(TlsAnalyzedProperty.MIN_RECORD_LENGTH);
     }
 
     @Override
     protected void executeTest() {
+        List<Integer> toTest = List.of(16384, 111, 50, 1);
+        for (Integer length : toTest) {
+            if (supportsFragmentation(length)) {
+                minRecordLength = length;
+            } else {
+                break;
+            }
+        }
+
+        supportsFragmentation = minRecordLength < 16384 ? TestResults.TRUE : TestResults.FALSE;
+    }
+
+    public boolean supportsFragmentation(int recordLength) {
         Config config = scannerConfig.createConfig();
-        config.setDefaultMaxRecordData(50);
+        config.setDefaultMaxRecordData(recordLength);
 
         WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config);
         WorkflowTrace workflowTrace =
@@ -51,11 +68,8 @@ protected void executeTest() {
         State state = new State(config, workflowTrace);
         executeState(state);
 
-        result =
-                WorkflowTraceResultUtil.didReceiveMessage(
-                                state.getWorkflowTrace(), HandshakeMessageType.FINISHED)
-                        ? TestResults.TRUE
-                        : TestResults.FALSE;
+        return WorkflowTraceResultUtil.didReceiveMessage(
+                state.getWorkflowTrace(), HandshakeMessageType.FINISHED);
     }
 
     @Override
@@ -68,6 +82,7 @@ public void adjustConfig(ClientReport report) {}
 
     @Override
     protected void mergeData(ClientReport report) {
-        put(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, result);
+        put(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, supportsFragmentation);
+        put(TlsAnalyzedProperty.MIN_RECORD_LENGTH, minRecordLength);
     }
 }
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/TlsAnalyzedProperty.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/TlsAnalyzedProperty.java
@@ -249,6 +249,7 @@ public enum TlsAnalyzedProperty implements AnalyzedProperty {
     /** does it handle a http false start */
     SUPPORTS_HTTP_FALSE_START(TlsAnalyzedPropertyCategory.QUIRKS),
     SUPPORTS_RECORD_FRAGMENTATION(TlsAnalyzedPropertyCategory.QUIRKS),
+    MIN_RECORD_LENGTH(TlsAnalyzedPropertyCategory.QUIRKS),
     /** does it have a grease value intolerance? */
     HAS_GREASE_CIPHER_SUITE_INTOLERANCE(TlsAnalyzedPropertyCategory.QUIRKS),
     HAS_GREASE_NAMED_GROUP_INTOLERANCE(TlsAnalyzedPropertyCategory.QUIRKS),
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/TlsScanReport.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/TlsScanReport.java
@@ -82,6 +82,16 @@ public synchronized Integer getTotalReceivedRetransmissions() {
         return integerResult == null ? null : integerResult.getValue();
     }
 
+    /**
+     * Returns the minimum supported record length of the SUT.
+     *
+     * @return The lowest possible record length still supported.
+     */
+    public synchronized Integer getMinRecordLength() {
+        IntegerResult integerResult = getIntegerResult(TlsAnalyzedProperty.MIN_RECORD_LENGTH);
+        return integerResult == null ? null : integerResult.getValue();
+    }
+
     /**
      * Returns whether CCA is supported.
      *
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/config/ServerScannerConfig.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/config/ServerScannerConfig.java
@@ -54,6 +54,13 @@ public class ServerScannerConfig extends TlsScannerConfig {
                     "Pause between config tests to ensure the server finished processing the previously rejected messages")
     private boolean configSearchCooldown = false;
 
+    @Parameter(
+            names = "-doNotSendSNIExtension",
+            description =
+                    "Usually the hostname for the SNI extension is inferred automatically. "
+                            + "This option can overwrite the default behaviour.")
+    private boolean doNotSendSNIExtension = false;
+
     public ServerScannerConfig(GeneralDelegate delegate) {
         super(delegate);
 
@@ -121,4 +128,12 @@ public boolean isConfigSearchCooldown() {
     public void setConfigSearchCooldown(boolean configSearchCooldown) {
         this.configSearchCooldown = configSearchCooldown;
     }
+
+    public boolean isDoNotSendSNIExtension() {
+        return doNotSendSNIExtension;
+    }
+
+    public void setDoNotSendSNIExtension(boolean doNotSendSNIExtension) {
+        this.doNotSendSNIExtension = doNotSendSNIExtension;
+    }
 }
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/RecordFragmentationProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/RecordFragmentationProbe.java
@@ -24,33 +24,46 @@
 import de.rub.nds.tlsscanner.core.probe.requirements.ProtocolTypeFalseRequirement;
 import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
 import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
+import java.util.List;
 
 public class RecordFragmentationProbe extends TlsServerProbe {
 
-    private TestResult supported = TestResults.COULD_NOT_TEST;
+    private TestResult supportsFragmentation = TestResults.COULD_NOT_TEST;
+    private int minRecordLength = 16384;
 
     public RecordFragmentationProbe(
             ConfigSelector configSelector, ParallelExecutor parallelExecutor) {
         super(parallelExecutor, TlsProbeType.RECORD_FRAGMENTATION, configSelector);
         register(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION);
+        register(TlsAnalyzedProperty.MIN_RECORD_LENGTH);
     }
 
     @Override
     protected void executeTest() {
+        List<Integer> toTest = List.of(16384, 111, 50, 1);
+        for (Integer length : toTest) {
+            if (supportsFragmentation(length)) {
+                minRecordLength = length;
+            } else {
+                break;
+            }
+        }
+
+        supportsFragmentation = minRecordLength < 16384 ? TestResults.TRUE : TestResults.FALSE;
+    }
+
+    public boolean supportsFragmentation(int recordLength) {
         Config config = configSelector.getAnyWorkingBaseConfig();
-        config.setDefaultMaxRecordData(50);
+        config.setDefaultMaxRecordData(recordLength);
         config.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HELLO);
         State state = new State(config);
         executeState(state);
         HandshakeMessageType expectedFinalMessage =
                 state.getTlsContext().getSelectedProtocolVersion() == ProtocolVersion.TLS13
                         ? HandshakeMessageType.FINISHED
                         : HandshakeMessageType.SERVER_HELLO_DONE;
-        supported =
-                WorkflowTraceResultUtil.didReceiveMessage(
-                                state.getWorkflowTrace(), expectedFinalMessage)
-                        ? TestResults.TRUE
-                        : TestResults.FALSE;
+        return WorkflowTraceResultUtil.didReceiveMessage(
+                state.getWorkflowTrace(), expectedFinalMessage);
     }
 
     @Override
@@ -63,6 +76,7 @@ public Requirement<ServerReport> getRequirements() {
 
     @Override
     protected void mergeData(ServerReport report) {
-        put(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, supported);
+        put(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, supportsFragmentation);
+        put(TlsAnalyzedProperty.MIN_RECORD_LENGTH, minRecordLength);
     }
 }
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/ServerReportPrinter.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/ServerReportPrinter.java
@@ -1593,6 +1593,7 @@ public StringBuilder appendRecordFragmentation(StringBuilder builder) {
                 builder,
                 "Supports Record Fragmentation",
                 TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION);
+        prettyAppend(builder, "Mininum Record Length", "" + report.getMinRecordLength());
         return builder;
     }
 
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/selector/ConfigSelector.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/selector/ConfigSelector.java
@@ -276,8 +276,9 @@ private void applyScannerConfigParameters(Config config) {
     }
 
     private void repairSni(Config config) {
-        if (!IPAddress.isValid(config.getDefaultClientConnection().getHostname())
-                || scannerConfig.getClientDelegate().getSniHostname() != null) {
+        if (!scannerConfig.isDoNotSendSNIExtension()
+                && (!IPAddress.isValid(config.getDefaultClientConnection().getHostname())
+                        || scannerConfig.getClientDelegate().getSniHostname() != null)) {
             config.setAddServerNameIndicationExtension(true);
         } else {
             config.setAddServerNameIndicationExtension(false);
diff --git a/TLS-Server-Scanner/src/main/resources/rating/influencers.xml b/TLS-Server-Scanner/src/main/resources/rating/influencers.xml
@@ -2465,6 +2465,9 @@
     <ratingInfluencer>
         <property>SUPPORTS_RECORD_FRAGMENTATION</property>
     </ratingInfluencer>
+    <ratingInfluencer>
+        <property>MIN_RECORD_LENGTH</property>
+    </ratingInfluencer>
     <ratingInfluencer>
         <property>HAS_GREASE_CIPHER_SUITE_INTOLERANCE</property>
     </ratingInfluencer>
diff --git a/TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/RecordFragmentationProbeIT.java b/TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/probe/RecordFragmentationProbeIT.java
@@ -31,6 +31,9 @@ protected void prepareReport() {}
 
     @Override
     protected boolean executedAsPlanned() {
-        return verifyProperty(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, TestResults.TRUE);
+        boolean supportsFragmentation =
+                verifyProperty(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, TestResults.TRUE);
+        int recordLength = report.getMinRecordLength();
+        return supportsFragmentation && recordLength == 1;
     }
 }
diff --git a/TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/report/rating/DefaultInfluencersIT.java b/TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/report/rating/DefaultInfluencersIT.java
@@ -1158,6 +1158,7 @@ public void createDefaultRatingInfluencers() throws IOException, JAXBException {
                                 TlsAnalyzedProperty.SUPPORTS_RENEGOTIATION,
                                 TlsAnalyzedProperty.HANDSHAKES_WITH_UNDEFINED_POINT_FORMAT,
                                 TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION,
+                                TlsAnalyzedProperty.MIN_RECORD_LENGTH,
                                 TlsAnalyzedProperty.HAS_GREASE_CIPHER_SUITE_INTOLERANCE,
                                 TlsAnalyzedProperty.HAS_GREASE_NAMED_GROUP_INTOLERANCE,
                                 TlsAnalyzedProperty

Original file line number	Diff line number	Diff line change
`@@ -1593,6 +1593,7 @@ public StringBuilder appendRecordFragmentation(StringBuilder builder) {`
`1593`	`1593`	`builder,`
`1594`	`1594`	`"Supports Record Fragmentation",`
`1595`	`1595`	`TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION);`
	`1596`	`+ prettyAppend(builder, "Mininum Record Length", "" + report.getMinRecordLength());`
`1596`	`1597`	`return builder;`
`1597`	`1598`	`}`
`1598`	`1599`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,9 @@ protected void prepareReport() {}`
`31`	`31`
`32`	`32`	`@Override`
`33`	`33`	`protected boolean executedAsPlanned() {`
`34`		`- return verifyProperty(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, TestResults.TRUE);`
	`34`	`+ boolean supportsFragmentation =`
	`35`	`+ verifyProperty(TlsAnalyzedProperty.SUPPORTS_RECORD_FRAGMENTATION, TestResults.TRUE);`
	`36`	`+ int recordLength = report.getMinRecordLength();`
	`37`	`+ return supportsFragmentation && recordLength == 1;`
`35`	`38`	`}`
`36`	`39`	`}`