Merge pull request #420 from tls-attacker/fix/tlsAttackerCompatibility

Fix compatibility with new TLS-Attacker version

Author: mmaehren

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/EsniProbe.java

@@ -20,6 +20,8 @@
 import de.rub.nds.tlsattacker.core.state.State;
 import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceResultUtil;
+import de.rub.nds.tlsattacker.core.workflow.action.EsniKeyDnsRequestAction;
+import de.rub.nds.tlsattacker.core.workflow.action.TlsAction;
 import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
 import de.rub.nds.tlsscanner.core.constants.ProtocolType;
 import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
@@ -49,6 +51,8 @@ protected void executeTest() {
         tlsConfig.setDefaultClientKeyShareNamedGroups(NamedGroup.ECDH_X25519);
         State state = new State(tlsConfig);
         executeState(state);
+        TlsAction firstFailedAction =
+                WorkflowTraceResultUtil.getFirstFailedAction(state.getWorkflowTrace());
 
         TlsContext context = state.getTlsContext();
         boolean isDnsKeyRecordAvailable = context.getEsniRecordBytes() != null;
@@ -57,7 +61,8 @@ protected void executeTest() {
                         && Arrays.equals(
                                 context.getEsniServerNonce(), context.getEsniClientNonce());
         if (!WorkflowTraceResultUtil.didReceiveMessage(
-                state.getWorkflowTrace(), HandshakeMessageType.SERVER_HELLO)) {
+                        state.getWorkflowTrace(), HandshakeMessageType.SERVER_HELLO)
+                && !EsniKeyDnsRequestAction.class.equals(firstFailedAction.getClass())) {
             receivedCorrectNonce = TestResults.ERROR_DURING_TEST;
         } else if (isDnsKeyRecordAvailable && isReceivedCorrectNonce) {
             receivedCorrectNonce = TestResults.TRUE;

TLS-Server-Scanner/src/main/resources/configs/default.config

@@ -357,7 +357,6 @@
         <defaultClientSupportedCipherSuite>TLS_PSK_WITH_AES_256_CCM_8</defaultClientSupportedCipherSuite>
         <defaultClientSupportedCipherSuite>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultClientSupportedCipherSuite>
         <defaultClientSupportedCipherSuite>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultClientSupportedCipherSuite>
-        <defaultClientSupportedCipherSuite>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultClientSupportedCipherSuite>
         <defaultClientSupportedCipherSuite>TLS_ECDHE_ECDSA_WITH_AES_128_CCM</defaultClientSupportedCipherSuite>
         <defaultClientSupportedCipherSuite>TLS_ECDHE_ECDSA_WITH_AES_256_CCM</defaultClientSupportedCipherSuite>
         <defaultClientSupportedCipherSuite>TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8</defaultClientSupportedCipherSuite>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BEARSSL_0.4.config

@@ -236,7 +236,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2272.config

@@ -232,7 +232,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2311.config

@@ -232,7 +232,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2357.config

@@ -232,7 +232,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2490.config

@@ -231,7 +231,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2564.config

@@ -230,7 +230,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2623.config

@@ -232,7 +232,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>

TLS-Server-Scanner/src/main/resources/extracted_client_configs/client_BORINGSSL_2661.config

@@ -230,7 +230,6 @@
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_128_CCM_8</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_8</defaultServerSupportedCipherSuites>
-        <defaultServerSupportedCipherSuites>TLS_PSK_DHE_WITH_AES_256_CCM_80</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_3DES_EDE_CBC_SHA</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CBC_SHA256</defaultServerSupportedCipherSuites>
         <defaultServerSupportedCipherSuites>TLS_PSK_WITH_AES_128_CCM</defaultServerSupportedCipherSuites>