Merge pull request #419 from tls-attacker/fix/StrictSni

NErinola · web-flow · commit 6a8ed7f8ea42 · 2024-10-09T10:59:15.000+02:00
fixed SNI value set in strictSNI check
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/AlpacaProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/AlpacaProbe.java
@@ -8,13 +8,17 @@
  */
 package de.rub.nds.tlsscanner.serverscanner.probe;
 
+import static java.nio.charset.StandardCharsets.US_ASCII;
+
 import de.rub.nds.scanner.core.probe.requirements.ProbeRequirement;
 import de.rub.nds.scanner.core.probe.requirements.Requirement;
 import de.rub.nds.scanner.core.probe.result.TestResult;
 import de.rub.nds.scanner.core.probe.result.TestResults;
 import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.ExtensionType;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.SniType;
+import de.rub.nds.tlsattacker.core.protocol.message.extension.sni.ServerNamePair;
 import de.rub.nds.tlsattacker.core.state.State;
 import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceResultUtil;
@@ -23,6 +27,8 @@
 import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
 import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
 import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
+import java.util.LinkedList;
+import java.util.List;
 
 public class AlpacaProbe extends TlsServerProbe {
 
@@ -52,7 +58,12 @@ private TestResult isSupportingStrictSni() {
         Config tlsConfig = configSelector.getAnyWorkingBaseConfig();
         tlsConfig.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HELLO);
         tlsConfig.setAddServerNameIndicationExtension(true);
-        tlsConfig.getDefaultClientConnection().setHostname("notarealtls-attackerhost.com");
+        tlsConfig.setDefaultSniHostnames(
+                new LinkedList<>(
+                        List.of(
+                                new ServerNamePair(
+                                        SniType.HOST_NAME.getValue(),
+                                        "notarealtls-attackerhost.com".getBytes(US_ASCII)))));
         tlsConfig.setAddAlpnExtension(false);
         State state = new State(tlsConfig);
         executeState(state);
