From 1fd4b3edd82937f822ae7b6908ad705587ecb488 Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Fri, 6 Mar 2015 19:59:59 +0000
Subject: [PATCH] Use some sane defaults in tls.client_hello

---
 nselib/tls.lua | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/nselib/tls.lua b/nselib/tls.lua
index 4c796b613..545b7307f 100644
--- a/nselib/tls.lua
+++ b/nselib/tls.lua
@@ -20,6 +20,7 @@ PROTOCOLS = {
   ["TLSv1.1"]     = 0x0302,
   ["TLSv1.2"]     = 0x0303
 }
+HIGHEST_PROTOCOL = "TLSv1.2"
 
 --
 -- TLS Record Types
@@ -583,6 +584,14 @@ CIPHERS = {
 ["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"]             =  0xFEFF,
 }
 
+DEFAULT_CIPHERS = {
+  "TLS_RSA_WITH_AES_128_CBC_SHA", -- mandatory TLSv1.2
+  "TLS_RSA_WITH_3DES_EDE_CBC_SHA", -- mandatory TLSv1.1
+  "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", -- mandatory TLSv1.0
+  "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", -- DHE with strong AES
+  "TLS_RSA_WITH_RC4_128_MD5", -- Weak and old, but likely supported on old stuff
+}
+
 local function find_key(t, value)
   local k, v
 
@@ -1232,6 +1241,7 @@ end
 -- @return The client_hello record as a string
 function client_hello(t)
   local b, ciphers, compressor, compressors, h, len
+  t = t or {}
 
   ----------
   -- Body --
@@ -1239,7 +1249,8 @@ function client_hello(t)
 
   b = {}
   -- Set the protocol.
-  table.insert(b, bin.pack(">S", PROTOCOLS[t["protocol"]]))
+  local protocol = t["protocol"] or HIGHEST_PROTOCOL
+  table.insert(b, bin.pack(">S", PROTOCOLS[protocol]))
 
   -- Set the random data.
   table.insert(b, bin.pack(">I", os.time()))
@@ -1252,21 +1263,16 @@ function client_hello(t)
 
   -- Cipher suites.
   ciphers = {}
-  if t["ciphers"] ~= nil then
-    -- Add specified ciphers.
-    for _, cipher in pairs(t["ciphers"]) do
-      if type(cipher) == "string" then
-        cipher = CIPHERS[cipher] or SCSVS[cipher]
-      end
-      if type(cipher) == "number" and cipher >= 0 and cipher <= 0xffff then
-        table.insert(ciphers, bin.pack(">S", cipher))
-      else
-        stdnse.debug1("Unknown cipher in client_hello: %s", cipher)
-      end
+  -- Add specified ciphers.
+  for _, cipher in pairs(t["ciphers"] or DEFAULT_CIPHERS) do
+    if type(cipher) == "string" then
+      cipher = CIPHERS[cipher] or SCSVS[cipher]
+    end
+    if type(cipher) == "number" and cipher >= 0 and cipher <= 0xffff then
+      table.insert(ciphers, bin.pack(">S", cipher))
+    else
+      stdnse.debug1("Unknown cipher in client_hello: %s", cipher)
     end
-  else
-    -- Use NULL cipher
-    table.insert(ciphers, bin.pack(">S", CIPHERS["TLS_NULL_WITH_NULL_NULL"]))
   end
   table.insert(b, bin.pack(">P", table.concat(ciphers)))
 
@@ -1285,8 +1291,7 @@ function client_hello(t)
   table.insert(b, bin.pack(">p", table.concat(compressors)))
 
   -- TLS extensions
-  if PROTOCOLS[t["protocol"]] and
-      PROTOCOLS[t["protocol"]] ~= PROTOCOLS["SSLv3"] then
+  if PROTOCOLS[protocol] and protocol ~= "SSLv3" then
     local extensions = {}
     if t["extensions"] ~= nil then
       -- Add specified extensions.