Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #35 from tomato42/fingerprints
Fingerprint enhancements and new fingerprints
- Loading branch information
Showing
194 changed files
with
22,559 additions
and
1,768 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
Server configuration | ||
==================== | ||
|
||
|
||
OpenSSL | ||
------- | ||
|
||
Key/cert generation: | ||
|
||
openssl ocsp -index ca/index.txt -port 8888 -rsigner ca/cert.pem -rkey ca/key.pem -CA ca/cert.pem | ||
touch srpfile.bin | ||
openssl srp -add -srpvfile srpfile.bin -gn 2048 -passin pass:test user | ||
|
||
Server start: | ||
|
||
openssl s_server -key localhost/key.pem -cert localhost/cert.pem -www \ | ||
-nextprotoneg 'http/1.1,h2' -status -servername example -cert2 example/cert.pem \ | ||
-key2 example/key.pem -status_url http://localhost:8888 -alpn 'http/1.1,h2' \ | ||
-CAfile ca/cert.pem -psk_hint example-hint -psk 0fbacdf271823b -srpvfile srpfile.bin \ | ||
-use_srtp SRTP_AES128_CM_SHA1_80 | ||
|
||
|
||
NSS | ||
--- | ||
|
||
Key/cert setup: | ||
|
||
openssl pkcs12 -export -passout pass: -out localhost.p12 -inkey localhost/key.pem -in localhost/cert.pem -name localhost | ||
openssl pkcs12 -export -passout pass: -out example.p12 -inkey example/key.pem -in example/cert.pem -name example | ||
openssl pkcs12 -export -passout pass: -out ca.p12 -inkey ca/key.pem -in ca/cert.pem -name ca | ||
mkdir nssdb | ||
certutil -N --empty-password -d sql:nssdb | ||
pk12util -i localhost.p12 -d sql:nssdb -W '' | ||
pk12util -i ca.p12 -d sql:nssdb -W '' | ||
pk12util -i example.p12 -d sql:nssdb -W '' | ||
|
||
Server start: | ||
|
||
selfserv -d sql:./nssdb -p 4433 -V tls1.0: -H 1 -z -n localhost -T good -A ca -a example -c :c013:0033:002F -u -G -Q | ||
|
||
|
||
GnuTLS | ||
------ | ||
|
||
Setup: | ||
|
||
echo garbage > ocsp.der | ||
|
||
Server start: | ||
|
||
gnutls-serv --http -p 4433 --x509keyfile localhost/key.pem \ | ||
--x509certfile localhost/cert.pem --disable-client-cert \ | ||
--srtp-profiles SRTP_AES128_CM_HMAC_SHA1_80 --ocsp-response ocsp.der --heartbeat |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,26 @@ | ||
Description: Apache Tomcat 7.0.54 (JSSE; BIO; Java 1.8.0_40) | ||
|
||
ZeroHelloVersion: *(303)alert:HandshakeFailure:fatal| | ||
BadContentType: *(303)alert:UnexpectedMesage:fatal| | ||
SNIEmptyName: *(303)alert:UnexpectedMesage:fatal| | ||
TwoInvalidPackets: *(303)alert:UnexpectedMesage:fatal| | ||
BadContentType: *(303)alert:UnexpectedMessage:fatal| | ||
BadHandshakeMessage: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMessage:fatal| | ||
DoubleClientHello: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMessage:fatal| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMessage:fatal| | ||
EmptyRecord: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
RecordLengthUnderflow: writeerror:ECONNRESET| | ||
Heartbeat: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
Heartbleed: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
BadHandshakeMessage: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
HighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
HighTLSVersion: *(303)alert:UnexpectedMessage:fatal| | ||
NoCiphers: *(301)alert:HandshakeFailure:fatal| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerKeyExchange|handshake:ServerHelloDone| | ||
NoCiphers: *(301)alert:HandshakeFailure:fatal| | ||
VeryHighTLSVersion: *(303)alert:UnexpectedMesage:fatal| | ||
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
DoubleClientHello: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMesage:fatal| | ||
Heartbeat: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
HighTLSVersion: *(303)alert:UnexpectedMesage:fatal| | ||
HighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMesage:fatal| | ||
RecordLengthOverflow: error:timeout | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|*(301)alert:UnexpectedMesage:fatal| | ||
RecordLengthUnderflow: writeerror:ECONNRESET| | ||
SNIEmptyName: *(303)alert:UnexpectedMessage:fatal| | ||
SNILongName: *(303)alert:UnexpectedMessage:fatal| | ||
SNIWrongName: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
SNILongName: *(303)alert:UnexpectedMesage:fatal| | ||
ZeroTLSVersion: *(303)alert:UnexpectedMesage:fatal| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
TwoInvalidPackets: *(303)alert:UnexpectedMessage:fatal| | ||
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
VeryHighTLSVersion: *(303)alert:UnexpectedMessage:fatal| | ||
ZeroHelloVersion: *(303)alert:HandshakeFailure:fatal| | ||
ZeroTLSVersion: *(303)alert:UnexpectedMessage:fatal| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,26 @@ | ||
Description: Apache Tomcat 7.0.54 (JSSE; NIO; Java 1.8.0_40) | ||
|
||
ZeroHelloVersion: error:Unexpected EOF receiving record header - server closed connection| | ||
BadContentType: error:Unexpected EOF receiving record header - server closed connection| | ||
SNIEmptyName: error:Unexpected EOF receiving record header - server closed connection| | ||
TwoInvalidPackets: error:Unexpected EOF receiving record header - server closed connection| | ||
EmptyRecord: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
RecordLengthUnderflow: error:Unexpected EOF receiving record header - server closed connection| | ||
Heartbleed: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
BadHandshakeMessage: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerKeyExchange|handshake:ServerHelloDone| | ||
NoCiphers: error:Unexpected EOF receiving record header - server closed connection| | ||
VeryHighTLSVersion: error:Unexpected EOF receiving record header - server closed connection| | ||
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection| | ||
DoubleClientHello: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection| | ||
EmptyRecord: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
Heartbeat: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
HighTLSVersion: error:Unexpected EOF receiving record header - server closed connection| | ||
Heartbleed: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
HighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection| | ||
HighTLSVersion: error:Unexpected EOF receiving record header - server closed connection| | ||
NoCiphers: error:Unexpected EOF receiving record header - server closed connection| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerKeyExchange|handshake:ServerHelloDone| | ||
RecordLengthOverflow: error:timeout | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone|error:Unexpected EOF receiving record header - server closed connection| | ||
SNIWrongName: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
RecordLengthUnderflow: error:Unexpected EOF receiving record header - server closed connection| | ||
SNIEmptyName: error:Unexpected EOF receiving record header - server closed connection| | ||
SNILongName: error:Unexpected EOF receiving record header - server closed connection| | ||
SNIWrongName: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|handshake:Certificate|handshake:ServerHelloDone| | ||
TwoInvalidPackets: error:Unexpected EOF receiving record header - server closed connection| | ||
VeryHighHelloVersion: *(303)handshake:ServerHello(303)|handshake:Certificate|handshake:ServerHelloDone| | ||
VeryHighTLSVersion: error:Unexpected EOF receiving record header - server closed connection| | ||
ZeroHelloVersion: error:Unexpected EOF receiving record header - server closed connection| | ||
ZeroTLSVersion: error:Unexpected EOF receiving record header - server closed connection| |
32 changes: 16 additions & 16 deletions
32
fingerprints/apache-tomcat-7054-tomcat-native-1130-apr-148.fp
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,26 +1,26 @@ | ||
Description: Apache Tomcat 7.0.54 (Tomcat Native 1.1.30; APR 1.4.8) | ||
|
||
ZeroHelloVersion: *(301)alert:ProtocolVersion:fatal| | ||
BadContentType: error:timeout | ||
SNIEmptyName: *(301)alert:DecodeError:fatal| | ||
TwoInvalidPackets: error:ECONNRESET| | ||
EmptyRecord: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
RecordLengthUnderflow: writeerror:ECONNRESET| | ||
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
BadHandshakeMessage: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:IllegalParameter:fatal| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerKeyExchange|*(301)handshake:ServerHelloDone| | ||
NoCiphers: *(301)alert:IllegalParameter:fatal| | ||
VeryHighTLSVersion: error:ECONNRESET| | ||
VeryHighHelloVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
DoubleClientHello: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
EmptyRecord: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
Heartbeat: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
HighTLSVersion: error:ECONNRESET| | ||
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
HighHelloVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
HighTLSVersion: error:ECONNRESET| | ||
NoCiphers: *(301)alert:IllegalParameter:fatal| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerKeyExchange|*(301)handshake:ServerHelloDone| | ||
RecordLengthOverflow: error:timeout | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
SNIWrongName: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
RecordLengthUnderflow: writeerror:ECONNRESET| | ||
SNIEmptyName: *(301)alert:DecodeError:fatal| | ||
SNILongName: *(301)alert:UnrecognizedName:fatal| | ||
SNIWrongName: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
TwoInvalidPackets: error:ECONNRESET| | ||
VeryHighHelloVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
VeryHighTLSVersion: error:ECONNRESET| | ||
ZeroHelloVersion: *(301)alert:ProtocolVersion:fatal| | ||
ZeroTLSVersion: error:ECONNRESET| |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,23 +1,23 @@ | ||
Description: axTLS-1.5.2 | ||
Description: axTLS 1.5.2 | ||
|
||
HighHelloVersion: *(302)handshake:ServerHello(302)|*(302)handshake:Certificate|*(302)handshake:ServerHelloDone| | ||
ZeroHelloVersion: *(300)alert:ProtocolVersion:fatal| | ||
BadContentType: *(300)alert:HandshakeFailure:fatal| | ||
BadHandshakeMessage: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
DoubleClientHello: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
EmptyRecord: error:Unexpected EOF receiving record header - server closed connection| | ||
Heartbeat: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
HighHelloVersion: *(302)handshake:ServerHello(302)|*(302)handshake:Certificate|*(302)handshake:ServerHelloDone| | ||
HighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
NoCiphers: *(301)alert:IllegalParameter:fatal| | ||
BadContentType: *(300)alert:HandshakeFailure:fatal| | ||
VeryHighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)alert:IllegalParameter:fatal| | ||
RecordLengthOverflow: *(300)alert:HandshakeFailure:fatal| | ||
Heartbleed: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
RecordLengthUnderflow: writeerror:EPIPE| | ||
SplitHelloPackets: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
TwoInvalidPackets: writeerror:EPIPE| | ||
VeryHighHelloVersion: *(302)handshake:ServerHello(302)|*(302)handshake:Certificate|*(302)handshake:ServerHelloDone| | ||
EmptyChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
ChangeCipherSpec: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
NormalHandshake: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
Heartbeat: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| | ||
EmptyRecord: error:Unexpected EOF receiving record header - server closed connection| | ||
VeryHighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
ZeroHelloVersion: *(300)alert:ProtocolVersion:fatal| | ||
ZeroTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
OnlyECCipherSuites: *(301)alert:IllegalParameter:fatal| | ||
HighTLSVersion: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone| | ||
RecordLengthUnderflow: writeerror:EPIPE| | ||
DoubleClientHello: *(301)handshake:ServerHello(301)|*(301)handshake:Certificate|*(301)handshake:ServerHelloDone|*(301)alert:HandshakeFailure:fatal| |
Oops, something went wrong.