author | @Ajit <ajeetsinghchahar2@gmail.com> | 2023-04-01 23:05:00 +0000 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2023-04-01 23:05:00 +0000 |
commit | b6b71c8b70061eb5a489443ba82c90df948da95b (patch) | |
tree | f7f2681f3ef0a6af8ec6148ef260ef151775d0d8 /tests/tls13/prf-early.c | |
parent | b3fe5c229474a4dd0e74e955afb6bdc5d54c462d (diff) | |
download | gnutls-b6b71c8b70061eb5a489443ba82c90df948da95b.tar.gz |
hello_ext: add ClientHello extension permutation
This adds a mechanism to randomize the order of TLS extensions in the
ClientHello to make fingerprinting harder. The mechanism is enabled by
default and a new priority keyword %NO_EXTS_SHUFFLE has been added to
turn it off.
Signed-off-by: peonix <ajeetsinghchahar2@gmail.com>
Diffstat (limited to 'tests/tls13/prf-early.c')
-rw-r--r-- | tests/tls13/prf-early.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c
index a21bc1c7a4..0df9a18abd 100644
--- a/tests/tls13/prf-early.c
+++ b/tests/tls13/prf-early.c
@@ -183,9 +183,9 @@ static void client(int sds[])
  */
  gnutls_init(&session, GNUTLS_CLIENT);
- /* Use default priorities */
+ /* Use default priorities, sets %NO_EXTS_SHUFFLE */
  ret = gnutls_priority_set_direct(session,
- "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1",
+ "NONE:+VERS-TLS1.3:+AES-256-GCM:+AEAD:+SIGN-RSA-PSS-RSAE-SHA384:+GROUP-SECP256R1:%NO_EXTS_SHUFFLE",
  &err);
  if (ret < 0) {
  fail("client: priority set failed (%s): %s\n", |
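Review bot: The updated comment in client() still reads "Use default priorities" although the string passed to gnutls_priority_set_direct() starts from `NONE`, and it does not say why the shuffle is switched off. Presumably this test compares early-exporter PRF output against fixed values that depend on the exact ClientHello bytes, so a randomized extension order would make them unstable; if that is the reason, state it, e.g. `/* Explicit priorities; %NO_EXTS_SHUFFLE keeps the ClientHello extension order fixed so the expected PRF values stay reproducible */`. Stating the reason also marks the keyword as a test-only need, so the string is less likely to be copied into application code, where it would give up the fingerprinting resistance the commit enables by default. client() begins before and continues past this hunk.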