Add ECDHE suites to TLS handshake

sfan5 · sfan5 · commit 84de3fda7839 · 2026-01-01T20:30:02.000+01:00
diff --git a/src/banner.c b/src/banner.c
@@ -166,29 +166,35 @@ static const char *get_query_tcp(int port, unsigned int *len)
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 		"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 	;
-	// This handshake claims support for DHE + AES-128 and AES-256 either in CBC
-	// or GCM mode, as well as SHA256 and SHA1 for signatures so it should work
+	// This handshake claims support for (EC-)DHE + AES-128 or AES-256 + CBC
+	// or GCM mode, and SHA256 or SHA1 for signatures so it should work
 	// with modern as well as older server configs.
 	static const char tls[] =
 		"\x16" // Handshake (22)
 		"\x03\x03" // TLS 1.2
-		"\x00\x3f" // Length
+		"\x00\x55" // Length
 		"\x01" // Client Hello (1)
-		"\x00\x00\x3b" // Length
+		"\x00\x00\x51" // Length
 		"\x03\x03" // TLS 1.2
 
 		// Random
 		"\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa"
 		"\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa"
 
 		"\x00" // Session ID length
-		"\x00\x08" // Cipher Suites length (= 8)
+		"\x00\x10" // Cipher Suites length (= 16)
+		"\xc0\x2b\xc0\x2c\xc0\x09\xc0\x0a"
 		"\x00\x9e\x00\x9f\x00\x33\x00\x39"
 		"\x01\x00" // Null Compression
-		"\x00\x0a" // Extensions length (= 10)
+		"\x00\x18" // Extensions length (= 24)
 
-		// Signature Algorithms
-		"\x00\x0d\x00\x06\x00\x04\x04\x01\x02\x01"
+		"\x00\x0d" // Extension: signature_algorithms
+		"\x00\x0a\x00\x08" // Length fields
+		"\x04\x01\x02\x01\x04\x03\x06\x03"
+
+		"\x00\x0a" // Extension: supported_groups
+		"\x00\x06\x00\x04" // Length fields
+		"\x00\x19\x00\x17"
 	;
 
 	switch(port) {
