Merge pull request #679 from tls-attacker/fix-deprecation-warnings

ic0ns · web-flow · commit aa0f4f48d340 · 2025-07-01T08:30:34.000+04:00
Fix deprecation warnings for TLS-Attacker 7.5.x compatibility
diff --git a/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/config/ClientScannerConfig.java b/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/config/ClientScannerConfig.java
@@ -91,7 +91,7 @@ public Config createConfig() {
             Configurator.setAllLevels("de.rub.nds.tlsscanner", Level.OFF);
         }
 
-        Config config = super.createConfig(Config.createConfig());
+        Config config = super.createConfig(new Config());
         config.getDefaultClientConnection().setTimeout(getTimeout());
         config.setRespectClientProposedExtensions(true);
         // will only be added if proposed by client
diff --git a/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/CertificateProbe.java b/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/CertificateProbe.java
@@ -12,7 +12,6 @@
 import de.rub.nds.scanner.core.probe.requirements.PropertyTrueRequirement;
 import de.rub.nds.scanner.core.probe.requirements.Requirement;
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.ClientCertificateType;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
@@ -93,8 +92,7 @@ private Config getConfig(ClientCertificateType clientCertType) {
 
     private boolean isCipherSuiteSuitableForCertType(
             CipherSuite cipherSuite, ClientCertificateType clientCertType) {
-        KeyExchangeAlgorithm keyExchangeAlgorithm =
-                AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite);
+        KeyExchangeAlgorithm keyExchangeAlgorithm = cipherSuite.getKeyExchangeAlgorithm();
         switch (clientCertType) {
             case RSA_SIGN:
                 return keyExchangeAlgorithm == KeyExchangeAlgorithm.RSA
diff --git a/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/DheParameterProbe.java b/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/DheParameterProbe.java
@@ -13,7 +13,6 @@
 import de.rub.nds.scanner.core.probe.requirements.Requirement;
 import de.rub.nds.scanner.core.probe.result.TestResults;
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.RunningModeType;
 import de.rub.nds.tlsattacker.core.protocol.message.FinishedMessage;
@@ -193,8 +192,8 @@ public Requirement<ClientReport> getRequirements() {
     public void adjustConfig(ClientReport report) {
         supportedDheCipherSuites = new LinkedList<>();
         for (CipherSuite suite : report.getSupportedCipherSuites()) {
-            if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) != null
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(suite).isKeyExchangeDhe()) {
+            if (suite.getKeyExchangeAlgorithm() != null
+                    && suite.getKeyExchangeAlgorithm().isKeyExchangeDhe()) {
                 supportedDheCipherSuites.add(suite);
             }
         }
diff --git a/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/FreakProbe.java b/TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/FreakProbe.java
@@ -14,7 +14,6 @@
 import de.rub.nds.scanner.core.probe.result.TestResult;
 import de.rub.nds.scanner.core.probe.result.TestResults;
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
 import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
@@ -106,7 +105,7 @@ protected void executeTest() {
     public void adjustConfig(ClientReport report) {
         supportedRsaCipherSuites = new LinkedList<>();
         for (CipherSuite suite : report.getSupportedCipherSuites()) {
-            if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.RSA) {
+            if (suite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.RSA) {
                 supportedRsaCipherSuites.add(suite);
             }
         }
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/ciphersuite/CipherSuiteEvaluationHelper.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/ciphersuite/CipherSuiteEvaluationHelper.java
@@ -207,7 +207,7 @@ public void mergeData(TlsScanReport report, TlsProbe probe) {
     }
 
     public void adjustCipherType(CipherSuite suite) {
-        CipherType cipherType = AlgorithmResolver.getCipherType(suite);
+        CipherType cipherType = suite.getCipherType();
         switch (cipherType) {
             case AEAD:
                 supportsAeadCiphers = TestResults.TRUE;
@@ -291,7 +291,7 @@ public void adjustKeyExchange(CipherSuite suite) {
     }
 
     public void adjustBulk(CipherSuite suite) {
-        BulkCipherAlgorithm bulkCipherAlgorithm = AlgorithmResolver.getBulkCipherAlgorithm(suite);
+        BulkCipherAlgorithm bulkCipherAlgorithm = BulkCipherAlgorithm.getBulkCipherAlgorithm(suite);
         switch (bulkCipherAlgorithm) {
             case AES:
                 supportsAes = TestResults.TRUE;
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/PaddingOracleAttacker.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/PaddingOracleAttacker.java
@@ -9,7 +9,6 @@
 package de.rub.nds.tlsscanner.core.probe.padding;
 
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
@@ -191,8 +190,7 @@ private EqualityError getEqualityError(List<VectorResponse> responseVectorList)
     private void prepareConfig() {
         tlsConfig.setHighestProtocolVersion(testedVersion);
         tlsConfig.setDefaultClientSupportedCipherSuites(testedSuite);
-        KeyExchangeAlgorithm keyExchangeAlgorithm =
-                AlgorithmResolver.getKeyExchangeAlgorithm(testedSuite);
+        KeyExchangeAlgorithm keyExchangeAlgorithm = testedSuite.getKeyExchangeAlgorithm();
         if (keyExchangeAlgorithm != null
                 && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) {
             tlsConfig.setAddEllipticCurveExtension(true);
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/vector/LongRecordPaddingGenerator.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/vector/LongRecordPaddingGenerator.java
@@ -22,7 +22,7 @@ public List<PaddingVector> getVectors(CipherSuite suite, ProtocolVersion version
         // Total plaintext size is not allowed to be bigger than 16384
         // MAC + Plaintext
         List<PaddingVector> vectorList = new LinkedList<>();
-        int blockSize = AlgorithmResolver.getCipher(suite).getBlocksize();
+        int blockSize = suite.getCipherAlgorithm().getBlocksize();
         int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getMacLength();
         vectorList.add(
                 new TripleVector(
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/vector/TripleVector.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/probe/padding/vector/TripleVector.java
@@ -76,10 +76,10 @@ public int getRecordLength(
         r.setCleanProtocolMessageBytes(new byte[appDataLength]);
         r.getComputations().setMac(new byte[macLength]);
         int paddingLength =
-                AlgorithmResolver.getCipher(testedSuite).getBlocksize()
+                testedSuite.getCipherAlgorithm().getBlocksize()
                         - ((r.getCleanProtocolMessageBytes().getValue().length
                                         + r.getComputations().getMac().getValue().length)
-                                % AlgorithmResolver.getCipher(testedSuite).getBlocksize());
+                                % testedSuite.getCipherAlgorithm().getBlocksize());
 
         r.getComputations().setPadding(new byte[paddingLength]);
         return DataConverter.concatenate(
diff --git a/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/TlsScanReport.java b/TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/report/TlsScanReport.java
@@ -15,7 +15,6 @@
 import de.rub.nds.scanner.core.probe.result.SetResult;
 import de.rub.nds.scanner.core.probe.result.TestResults;
 import de.rub.nds.scanner.core.report.ScanReport;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.CompressionMethod;
 import de.rub.nds.tlsattacker.core.constants.ExtensionType;
@@ -418,7 +417,7 @@ public synchronized List<CipherSuite> getSupportedCipherSuitesWithKeyExchange(
                     .filter(
                             cipherSuite ->
                                     matchingKeyExchangeAlgorithms.contains(
-                                            AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)))
+                                            cipherSuite.getKeyExchangeAlgorithm()))
                     .collect(Collectors.toList());
         }
     }
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/BleichenbacherProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/BleichenbacherProbe.java
@@ -14,7 +14,6 @@
 import de.rub.nds.scanner.core.probe.requirements.Requirement;
 import de.rub.nds.scanner.core.probe.result.TestResult;
 import de.rub.nds.scanner.core.probe.result.TestResults;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
@@ -75,8 +74,7 @@ protected void executeTest() {
             for (VersionSuiteListPair pair : serverSupportedSuites) {
                 if (!pair.getVersion().isSSL() && !pair.getVersion().isTLS13()) {
                     for (CipherSuite suite : pair.getCipherSuiteList()) {
-                        if (AlgorithmResolver.getKeyExchangeAlgorithm(suite)
-                                        == KeyExchangeAlgorithm.RSA
+                        if (suite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.RSA
                                 && CipherSuite.getImplemented().contains(suite)) {
                             BleichenbacherScanType recordGeneratorType =
                                     scanDetail.isGreaterEqualTo(ScannerDetail.ALL)
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/CertificateProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/CertificateProbe.java
@@ -12,7 +12,6 @@
 import de.rub.nds.scanner.core.probe.requirements.Requirement;
 import de.rub.nds.scanner.core.probe.result.TestResults;
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
 import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
@@ -151,8 +150,7 @@ private X509CertificateChain getRsaCert() {
         LinkedList<CipherSuite> cipherSuitesToTest = new LinkedList<>();
         for (CipherSuite cipherSuite : CipherSuite.values()) {
             if (cipherSuite.isRealCipherSuite()
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
-                            == KeyExchangeAlgorithm.RSA) {
+                    && cipherSuite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.RSA) {
                 cipherSuitesToTest.add(cipherSuite);
             }
         }
@@ -163,8 +161,7 @@ private X509CertificateChain getDhRsaCert() {
         LinkedList<CipherSuite> cipherSuitesToTest = new LinkedList<>();
         for (CipherSuite cipherSuite : CipherSuite.values()) {
             if (cipherSuite.isRealCipherSuite()
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
-                            == KeyExchangeAlgorithm.DH_RSA) {
+                    && cipherSuite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.DH_RSA) {
                 cipherSuitesToTest.add(cipherSuite);
             }
         }
@@ -175,9 +172,8 @@ private X509CertificateChain getEcDheRsaCert() {
         LinkedList<CipherSuite> cipherSuitesToTest = new LinkedList<>();
         for (CipherSuite cipherSuite : CipherSuite.values()) {
             if (cipherSuite.isRealCipherSuite()
-                    && (AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
-                                    == KeyExchangeAlgorithm.DHE_RSA
-                            || AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
+                    && (cipherSuite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.DHE_RSA
+                            || cipherSuite.getKeyExchangeAlgorithm()
                                     == KeyExchangeAlgorithm.ECDHE_RSA)) {
                 cipherSuitesToTest.add(cipherSuite);
             }
@@ -190,8 +186,7 @@ private List<X509CertificateChain> getEcdhRsaCerts() {
         LinkedList<CipherSuite> cipherSuitesToTest = new LinkedList<>();
         for (CipherSuite cipherSuite : CipherSuite.values()) {
             if (cipherSuite.isRealCipherSuite()
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
-                            == KeyExchangeAlgorithm.ECDH_RSA) {
+                    && cipherSuite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.ECDH_RSA) {
                 cipherSuitesToTest.add(cipherSuite);
             }
         }
@@ -212,8 +207,7 @@ private List<X509CertificateChain> getEcdhEcdsaCerts() {
         LinkedList<CipherSuite> cipherSuitesToTest = new LinkedList<>();
         for (CipherSuite cipherSuite : CipherSuite.values()) {
             if (cipherSuite.isRealCipherSuite()
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
-                            == KeyExchangeAlgorithm.ECDH_ECDSA) {
+                    && cipherSuite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.ECDH_ECDSA) {
                 cipherSuitesToTest.add(cipherSuite);
             }
         }
@@ -232,8 +226,7 @@ private List<X509CertificateChain> getEcdheEcdsaCerts() {
         LinkedList<CipherSuite> cipherSuitesToTest = new LinkedList<>();
         for (CipherSuite cipherSuite : CipherSuite.values()) {
             if (cipherSuite.isRealCipherSuite()
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite)
-                            == KeyExchangeAlgorithm.ECDHE_ECDSA) {
+                    && cipherSuite.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.ECDHE_ECDSA) {
                 cipherSuitesToTest.add(cipherSuite);
             }
         }
@@ -364,7 +357,7 @@ private List<NamedGroup> getAllCurves() {
     private List<NamedGroup> getTls13Curves() {
         LinkedList<NamedGroup> curves = new LinkedList<>();
         for (NamedGroup group : NamedGroup.values()) {
-            if (group.isCurve() && group.isTls13()) {
+            if (group.isEcGroup() && group.isTls13()) {
                 curves.add(group);
             }
         }
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/InvalidCurveProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/InvalidCurveProbe.java
@@ -690,13 +690,11 @@ private boolean groupQualifiedForCipherSuite(NamedGroup testGroup, CipherSuite t
                             && AlgorithmResolver.getSuiteableLeafCertificateKeyType(testCipher)[0]
                                     == X509PublicKeyType.RSA
                             && !namedCurveWitnesses.get(testGroup).isFoundUsingRsaCipher())
-                    || (AlgorithmResolver.getKeyExchangeAlgorithm(testCipher)
-                                    == KeyExchangeAlgorithm.ECDHE_ECDSA
+                    || (testCipher.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.ECDHE_ECDSA
                             && !namedCurveWitnesses
                                     .get(testGroup)
                                     .isFoundUsingEcdsaEphemeralCipher())
-                    || (AlgorithmResolver.getKeyExchangeAlgorithm(testCipher)
-                                    == KeyExchangeAlgorithm.ECDH_ECDSA
+                    || (testCipher.getKeyExchangeAlgorithm() == KeyExchangeAlgorithm.ECDH_ECDSA
                             && !namedCurveWitnesses
                                     .get(testGroup)
                                     .isFoundUsingEcdsaStaticCipher())) {
@@ -724,7 +722,7 @@ private List<NamedGroup> getRequiredGroups(NamedGroup testGroup, CipherSuite tes
             }
         } else {
             // RSA cipher suites don't require any additional groups
-            if (AlgorithmResolver.getKeyExchangeAlgorithm(testCipher).isEC()) {
+            if (testCipher.getKeyExchangeAlgorithm().isEC()) {
                 if (namedCurveWitnesses.get(testGroup).getEcdhPublicKeyGroup() != null
                         && namedCurveWitnesses.get(testGroup).getEcdhPublicKeyGroup()
                                 != testGroup) {
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/NamedGroupsProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/NamedGroupsProbe.java
@@ -13,7 +13,6 @@
 import de.rub.nds.scanner.core.probe.result.TestResult;
 import de.rub.nds.scanner.core.probe.result.TestResults;
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.EllipticCurveType;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
@@ -247,8 +246,7 @@ private List<CipherSuite> getCipherSuiteByKeyExchange(KeyExchangeAlgorithm... al
         for (CipherSuite cipherSuite : supportedCipherSuites) {
             if (cipherSuite.isRealCipherSuite()
                     && !cipherSuite.isTls13()
-                    && algorithmList.contains(
-                            AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite))) {
+                    && algorithmList.contains(cipherSuite.getKeyExchangeAlgorithm())) {
                 chosenCipherSuites.add(cipherSuite);
             }
         }
@@ -260,7 +258,7 @@ private List<CipherSuite> getAllEcCipherSuites() {
         for (CipherSuite suite : supportedCipherSuites) {
             if (suite.isRealCipherSuite()
                     && !suite.isTls13()
-                    && AlgorithmResolver.getKeyExchangeAlgorithm(suite).isKeyExchangeEcdh()) {
+                    && suite.getKeyExchangeAlgorithm().isKeyExchangeEcdh()) {
                 suiteList.add(suite);
             }
         }
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/RandomnessProbe.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/RandomnessProbe.java
@@ -11,7 +11,6 @@
 import de.rub.nds.scanner.core.probe.requirements.ProbeRequirement;
 import de.rub.nds.scanner.core.probe.requirements.Requirement;
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.ExtensionType;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
@@ -79,7 +78,7 @@ private void chooseBestCipherAndVersion(ServerReport report) {
                                             || pair.getVersion() == ProtocolVersion.TLS11)
                             || pair.getVersion() == ProtocolVersion.DTLS12
                             || pair.getVersion() == ProtocolVersion.DTLS10) {
-                        score += AlgorithmResolver.getCipher(suite).getBlocksize();
+                        score += suite.getCipherAlgorithm().getBlocksize();
                     }
                 } else {
                     score += 28;
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/drown/ServerVerifyChecker.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/drown/ServerVerifyChecker.java
@@ -18,13 +18,13 @@
 import java.util.Arrays;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.digests.MD5Digest;
 import org.bouncycastle.crypto.engines.DESEngine;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.RC2Engine;
 import org.bouncycastle.crypto.engines.RC4Engine;
 import org.bouncycastle.crypto.modes.CBCBlockCipher;
+import org.bouncycastle.crypto.modes.CBCModeCipher;
 import org.bouncycastle.crypto.params.DESParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -124,7 +124,7 @@ private static byte[] decryptRC2(SSL2ServerVerifyMessage message, TlsContext con
     }
 
     static byte[] decryptRC2(byte[] clientReadKey, byte[] encrypted, byte[] iv, int paddingLength) {
-        CBCBlockCipher cbcRc2 = new CBCBlockCipher(new RC2Engine());
+        CBCModeCipher cbcRc2 = CBCBlockCipher.newInstance(new RC2Engine());
         ParametersWithIV cbcRc2Params = new ParametersWithIV(new KeyParameter(clientReadKey), iv);
         cbcRc2.init(false, cbcRc2Params);
 
@@ -141,7 +141,7 @@ private static byte[] decryptCbcDes(SSL2ServerVerifyMessage message, TlsContext
         DESParameters.setOddParity(clientReadKey);
         byte[] iv = context.getSSL2Iv();
 
-        CBCBlockCipher cbcDes = new CBCBlockCipher(new DESEngine());
+        CBCModeCipher cbcDes = CBCBlockCipher.newInstance(new DESEngine());
         ParametersWithIV cbcDesParams = new ParametersWithIV(new DESParameters(clientReadKey), iv);
         cbcDes.init(false, cbcDesParams);
 
@@ -159,7 +159,7 @@ private static byte[] decryptCbcDesEde3(SSL2ServerVerifyMessage message, TlsCont
         System.arraycopy(keyMaterial1, 0, clientReadKey, keyMaterial0.length, 8);
         byte[] iv = context.getSSL2Iv();
 
-        CBCBlockCipher cbcDesEde = new CBCBlockCipher(new DESedeEngine());
+        CBCModeCipher cbcDesEde = CBCBlockCipher.newInstance(new DESedeEngine());
         ParametersWithIV params = new ParametersWithIV(new KeyParameter(clientReadKey), iv);
         cbcDesEde.init(false, params);
 
@@ -213,7 +213,7 @@ private static void md5Update(MD5Digest md5, byte[] bytes) {
     }
 
     private static byte[] processEncryptedBlocks(
-            BlockCipher cipher, byte[] encrypted, int paddingLength) {
+            CBCModeCipher cipher, byte[] encrypted, int paddingLength) {
         if (encrypted.length % cipher.getBlockSize() != 0) {
             LOGGER.warn("Server-Verify payload has invalid length");
             return new byte[0];
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/namedgroup/NamedGroupWitness.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/namedgroup/NamedGroupWitness.java
diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/selector/ConfigSelector.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/selector/ConfigSelector.java
diff --git a/TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/report/ServerReportSerializerTest.java b/TLS-Server-Scanner/src/test/java/de/rub/nds/tlsscanner/serverscanner/report/ServerReportSerializerTest.java

Original file line number	Diff line number	Diff line change
`@@ -91,7 +91,7 @@ public Config createConfig() {`
`91`	`91`	`Configurator.setAllLevels("de.rub.nds.tlsscanner", Level.OFF);`
`92`	`92`	`}`
`93`	`93`
`94`		`- Config config = super.createConfig(Config.createConfig());`
	`94`	`+ Config config = super.createConfig(new Config());`
`95`	`95`	`config.getDefaultClientConnection().setTimeout(getTimeout());`
`96`	`96`	`config.setRespectClientProposedExtensions(true);`
`97`	`97`	`// will only be added if proposed by client`