From d2f5c2633cf93727a8f214071703f0a89d0daa37 Mon Sep 17 00:00:00 2001
From: Dirk Wetter <dirk@testssl.sh>
Date: Tue, 23 Apr 2019 10:32:17 +0200
Subject: [PATCH] Add a few MS client hellos

* Edge 17 Win 10
* Firefox 66 Win 10

Disable 'Edge 13 Win Phone 10' per default and 'Firefox 62 Win 7'.
---
 etc/client-simulation.txt             | 30 +++++++++++++++++++++++----
 etc/client-simulation.wiresharked.txt | 26 +++++++++++++++++++++--
 2 files changed, 50 insertions(+), 6 deletions(-)

diff --git a/etc/client-simulation.txt b/etc/client-simulation.txt
index 91c9510..f9e4573 100644
--- a/etc/client-simulation.txt
+++ b/etc/client-simulation.txt
@@ -1350,7 +1350,7 @@
      minEcdsaBits+=(-1)
      curves+=("X25519:prime256v1:secp384r1:secp521r1")
      requiresSha2+=(false)
-     current+=(true)
+     current+=(false)
 
      names+=("Firefox 62 Win 7")
      short+=("firefox_62_win7")
@@ -1373,7 +1373,7 @@
      requiresSha2+=(false)
      current+=(true)
 
-     names+=("Firefox 66 (Win 8.1)")
+     names+=("Firefox 66 (Win 8.1/10)")
      short+=("firefox_66_win81")
      ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
      ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
@@ -1708,7 +1708,7 @@
      minEcdsaBits+=(-1)
      curves+=("prime256v1:secp384r1")
      requiresSha2+=(false)
-     current+=(true)
+     current+=(false)
 
      names+=("Edge 13 Win Phone 10")
      short+=("edge_13_winphone10")
@@ -1729,7 +1729,7 @@
      minEcdsaBits+=(-1)
      curves+=("prime256v1:secp384r1")
      requiresSha2+=(false)
-     current+=(true)
+     current+=(false)
 
      names+=("Edge 15 Win 10")
      short+=("edge_15_win10")
@@ -1752,6 +1752,28 @@
      requiresSha2+=(false)
      current+=(true)
 
+     names+=("Edge 17 (Win 10)")
+     short+=("edge_17_win10")
+     ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
+     ciphersuites+=("")
+     sni+=("$SNI")
+     warning+=("")
+     handshakebytes+=("160303018d0100018903035cbeb3c560acfb3dfe583ba45f51f5e2e36f99dfe5e22f1a230724dfaf5ddbde000026c02cc02bc030c02fc024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0100013a0000001a0018000015737570706f72742e6d6963726f736f66742e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603002300c000000f032566a8435c845ce7de67f2f4fd6c75ed3206c9448a513d4b4f8cd2fedb5f7d1eb4573ce68756fdad198bd3e4eadfd4db2d7794cc69198366edcb9b9ff5803a58718c1de4d6dffeb4354cd48f5dba6de719cebb27d544f6b2f4427e4e5d46f564d3098134d9b69a4e83e233f5dfea099733f75022dba07665d7c35dd09742082a06f080871caaa6a7770ebc9e2c792eb88c44d0d56ae6ba068a189b674491cee28155148c86d53071e170ab354e0fd0e390b9ddda0886b9fa8c70ee1a0010000e000c02683208687474702f312e310017000000180006001003020100ff01000100")
+     protos+=("-no_ssl3 -no_ssl2")
+     tlsvers+=("-tls1_2 -tls1_1 -tls1")
+     lowest_protocol+=("0x0301")
+     highest_protocol+=("0x0303")
+     alpn+=("h2,http/1.1")
+     service+=("HTTP,FTP")
+     minDhBits+=(1024)
+     maxDhBits+=(4096)
+     minRsaBits+=(-1)
+     maxRsaBits+=(16384)
+     minEcdsaBits+=(-1)
+     curves+=("X25519:secp256r1:secp384r1")
+     requiresSha2+=(false)
+     current+=(true)
+
      names+=("Opera 12.15 Win 7")
      short+=("opera_1215_win7")
      ciphers+=("DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DH-RSA-AES256-SHA256:DH-DSS-AES256-SHA256:AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DH-RSA-AES256-SHA:DH-DSS-AES256-SHA:AES256-SHA:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DH-RSA-AES128-SHA256:DH-DSS-AES128-SHA256:AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DH-RSA-AES128-SHA:DH-DSS-AES128-SHA:AES128-SHA:RC4-SHA:RC4-MD5:EDH-DSS-DES-CBC3-SHA:DH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DH-RSA-DES-CBC3-SHA:DES-CBC3-SHA")
diff --git a/etc/client-simulation.wiresharked.txt b/etc/client-simulation.wiresharked.txt
index 7888be1..ae530c4 100644
--- a/etc/client-simulation.wiresharked.txt
+++ b/etc/client-simulation.wiresharked.txt
@@ -70,8 +70,30 @@
      requiresSha2+=(true)
      current+=(true)
 
-     names+=("Firefox 66 (Win 8.1)")
-     short+=("firefox_66_win81")
+     names+=("Edge 17 Win 10")
+     short+=("edge_17_win10")
+     ciphers+=("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA")
+     ciphersuites+=("")
+     sni+=("$SNI")
+     warning+=("")
+     handshakebytes+=("160303018d0100018903035cbeb3c560acfb3dfe583ba45f51f5e2e36f99dfe5e22f1a230724dfaf5ddbde000026c02cc02bc030c02fc024c023c028c027c00ac009c014c013009d009c003d003c0035002f000a0100013a0000001a0018000015737570706f72742e6d6963726f736f66742e636f6d000500050100000000000a00080006001d00170018000b00020100000d00140012040105010201040305030203020206010603002300c000000f032566a8435c845ce7de67f2f4fd6c75ed3206c9448a513d4b4f8cd2fedb5f7d1eb4573ce68756fdad198bd3e4eadfd4db2d7794cc69198366edcb9b9ff5803a58718c1de4d6dffeb4354cd48f5dba6de719cebb27d544f6b2f4427e4e5d46f564d3098134d9b69a4e83e233f5dfea099733f75022dba07665d7c35dd09742082a06f080871caaa6a7770ebc9e2c792eb88c44d0d56ae6ba068a189b674491cee28155148c86d53071e170ab354e0fd0e390b9ddda0886b9fa8c70ee1a0010000e000c02683208687474702f312e310017000000180006001003020100ff01000100")
+     protos+=("-no_ssl3 -no_ssl2")
+     tlsvers+=("-tls1_2 -tls1_1 -tls1")
+     lowest_protocol+=("0x0301")
+     highest_protocol+=("0x0303")
+     alpn+=("h2,http/1.1")
+     service+=("HTTP,FTP")
+     minDhBits+=(1024)
+     maxDhBits+=(4096)
+     minRsaBits+=(-1)
+     maxRsaBits+=(16384)
+     minEcdsaBits+=(-1)
+     curves+=("X25519:secp256r1:secp384r1")
+     requiresSha2+=(false)
+     current+=(true)
+
+     names+=("Firefox 66 (Win 8.1/10)")
+     short+=("firefox_66_win")
      ciphers+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA")
      ciphersuites+=("TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384")
      sni+=("$SNI")