Add ECDHE suites to TLS handshake

sfan5 · sfan5 · commit 3640f90dc3c8 · 2026-01-01T20:55:20.000+01:00
diff --git a/src/banner.c b/src/banner.c
@@ -166,29 +166,40 @@ static const char *get_query_tcp(int port, unsigned int *len)
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 	;
-	// This handshake claims support for DHE + AES-128 and AES-256 either in CBC
-	// or GCM mode, as well as SHA256 and SHA1 for signatures so it should work
+	// This handshake claims support for (EC-)DHE + AES-128 or AES-256 + CBC
+	// or GCM mode, and SHA256 or SHA1 for signatures so it should work
 	// with modern as well as older server configs.
 	static const char tls[] =
 		"\x16" // Handshake (22)
 		"\x03\x03" // TLS 1.2
-		"\x00\x3f" // Length
+		"\x00\x63" // Length
 		"\x01" // Client Hello (1)
-		"\x00\x00\x3b" // Length
+		"\x00\x00\x5f" // Length
 		"\x03\x03" // TLS 1.2
 
 		// Random
 		"\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa"
 		"\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa"
 
 		"\x00" // Session ID length
-		"\x00\x08" // Cipher Suites length (= 8)
-		"\x00\x9e\x00\x9f\x00\x33\x00\x39"
+		"\x00\x10" // Cipher Suites length (= 16)
+		"\xc0\x2b\xc0\x2c\xc0\x09\xc0\x0a" // ECDHE+ECDSA
+		"\xc0\x2f\xc0\x30\xc0\x13\xc0\x14" // ECDHE+RSA
+		"\x00\x9e\x00\x9f\x00\x33\x00\x39" // DHE+RSA
 		"\x01\x00" // Null Compression
-		"\x00\x0a" // Extensions length (= 10)
+		"\x00\x1e" // Extensions length (= 30)
 
-		// Signature Algorithms
-		"\x00\x0d\x00\x06\x00\x04\x04\x01\x02\x01"
+		"\x00\x0a" // Extension: supported_groups
+		"\x00\x06\x00\x04" // Length fields
+		"\x00\x19\x00\x17"
+
+		"\x00\x0b" // Extension: ec_point_formats
+		"\x00\x02\x01" // Length fields
+		"\x00"
+
+		"\x00\x0d" // Extension: signature_algorithms
+		"\x00\x0a\x00\x08" // Length fields
+		"\x04\x01\x02\x01\x04\x03\x06\x03"
 	;
 
 	switch(port) {
