Remove obsolete codepoints

This commit removes SignatureScheme codepoints 0x0840 and 0x0841, which are marked by RFC 9189 as reserved for backward compatibility. Including them in the ClientHello caused connection attempts to dev.testssl.sh to fail.
dcooper16 · Jun 13, 2024 · 285c970 · 285c970
1 parent 91c298c
commit 285c970
Showing 1 changed file with 2 additions and 3 deletions.
diff --git a/testssl.sh b/testssl.sh
@@ -15566,11 +15566,10 @@ prepare_tls_clienthello() {
           if [[ 0x$tls_low_byte -le 0x03 ]]; then
                extension_signature_algorithms="
                00, 0d,                    # Type: signature_algorithms , see RFC 5246 and RFC 8422
-               00, 34, 00,32,             # lengths
+               00, 30, 00,2e,             # lengths
                06,01, 06,02, 06,03, 05,01, 05,02, 05,03, 04,01, 04,02, 04,03,
                03,01, 03,02, 03,03, 02,01, 02,02, 02,03,
-               08,04, 08,05, 08,06, 08,07, 08,08, 08,09, 08,0a, 08,0b
-               08,40, 08,41"
+               08,04, 08,05, 08,06, 08,07, 08,08, 08,09, 08,0a, 08,0b"
           else
                extension_signature_algorithms="
                00, 0d,                    # Type: signature_algorithms , see RFC 8446