From 068e77a37f63dbfff09e72e15d5a63c7657dab2e Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sun, 21 Mar 2021 02:37:18 +0000
Subject: [PATCH] Restore Supported Point Formats Extension. Fixes #1187 Some
 servers are not compliant with RFC 4492, section 4, and abort the handshake
 when the extension is missing.

---
 scripts/ssl-enum-ciphers.nse | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index 591a576a3..64c8ac02d 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -516,7 +516,13 @@ local function base_extensions(host)
   local tlsname = tls.servername(host)
   return {
     -- Claim to support common elliptic curves
+    -- TODO: Determine desire to comply with RFC 4492, section 4:
+    --       "The client MUST NOT include these extensions in the ClientHello
+    --       message if it does not propose any ECC cipher suites."
+    --       OTOH, OpenSSL 1.1.1 sends them always so it is probably safe.
     ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](tls.DEFAULT_ELLIPTIC_CURVES),
+    -- Some servers require Supported Point Formats Extension
+    ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"]({"uncompressed"}),
     -- Enable SNI if a server name is available
     ["server_name"] = tlsname and tls.EXTENSION_HELPERS["server_name"](tlsname),
   }