[BUG / possible BUG] Cipher hex code incomplete #2570

Open
michael-o opened this issue Sep 23, 2024 · 4 comments

michael-o commented Sep 23, 2024

Running testssl.sh version 3.0.9. The hexcode is weird:

 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
 xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v

Isn't a hex number expected to be 0x1302, so a zero prepended? At least that is the convention...

Running on:

$ bash --version
GNU bash, Version 5.2.26(1)-release (amd64-portbld-freebsd13.2)
$ freebsd-version
13.4-STABLE
@drwetter
Owner

michael-o commented Sep 23, 2024

?

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

No, this is not what I have reported. It is only about the hex code output. The prepended zero is missing.

This is what I would expect:

 Testing 370 ciphers via OpenSSL plus sockets against the server, ordered by encryption strength

Hexcode   Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
 0x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 0x1303   TLS_CHACHA20_POLY1305_SHA256      ECDH 253   ChaCha20    256      TLS_CHACHA20_POLY1305_SHA256                       available
 0xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
 0xcc13   ECDHE-RSA-CHACHA20-POLY1305-OLD   ECDH       ChaCha20    256      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD    not a/v

Kindly reopen, I can provide a PR if we agree on the issue.

drwetter commented Sep 23, 2024

Ah, that zero. I read over that. Sorry. Maybe you should have stuck to the template provided. ;-)

To answer your q: You are referring to the C-standard (K&R) but to my knowledge there is not a single standard. We might as well remove the x, as hexcode is the table headline. See https://en.wikipedia.org/wiki/Hexadecimal#Distinguishing_from_decimal . That reference is not complete, e.g. JavaScript wasn't mentioned there and I guess others too.

Also I believe a) the tables need to be adjusted, not only the numbers. b) More importantly: that'll be a breaking change for the 3.2 branch and as long as we're in the RC phase I wouldn't be willing to merge that now. For 3.0.x: That branch is old and this wouldn't be a change which will be backported. This is in maintenance mode only and support will be dropped when 3.2 is released.

@drwetter
Owner

Considering this for later

drwetter reopened this Sep 23, 2024
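
For scripts that read this table, the following added example (not from the issue thread or the testssl.sh code base) accepts both the `x1302` notation printed by 3.0.9 and the proposed `0x1302`, and normalizes either to the IANA registry form `0x13,0x02`. The function names are assumptions of the example; the two embedded rows are copied from the output quoted in the issue.

```shell
#!/bin/sh
# Added example (not testssl.sh code): read the cipher table with either
# Hexcode notation, "x1302" (3.0.9 output in the issue) or "0x1302" (proposed).

# Print CODE in the IANA registry form: x1302 / 0x1302 / 0x13,0x02 -> 0x13,0x02.
# Returns 1 if CODE is not a whole number of hex bytes.
normalize_hexcode() {
    local digits
    digits=$(printf '%s' "$1" | tr 'A-FX' 'a-fx' |
        sed -e 's/[[:space:]]//g' -e 's/^0\{0,1\}x//' \
            -e 's/,0\{0,1\}x/,/g' -e 's/,//g')
    printf '%s' "$digits" | grep -Eq '^([0-9a-f]{2})+$' || return 1
    printf '%s\n' "$digits" | sed -e 's/../,0x&/g' -e 's/^,//'
}

# Read table rows on stdin; print "IANA code<TAB>IANA name<TAB>status".
# The status is the last column ("available" or the two words "not a/v"),
# the IANA name is the column before it. Header and ruler lines are skipped.
parse_cipher_rows() {
    awk -v OFS='|' '$1 ~ /^0?[xX][0-9a-fA-F]+$/ {
        if ($NF == "available") { st = $NF; name = $(NF - 1) }
        else if ($NF == "a/v" && $(NF - 1) == "not") { st = "not a/v"; name = $(NF - 2) }
        else next
        print $1, name, st
    }' | while IFS='|' read -r code name st; do
        code=$(normalize_hexcode "$code") || continue
        printf '%s\t%s\t%s\n' "$code" "$name" "$st"
    done
}

# Sample input: header and two rows copied from the issue (observed notation).
rows_observed() {
    cat <<'EOF'
Hexcode  Cipher Suite Name (OpenSSL)       KeyExch.   Encryption  Bits     Cipher Suite Name (IANA/RFC)
 x1302   TLS_AES_256_GCM_SHA384            ECDH 253   AESGCM      256      TLS_AES_256_GCM_SHA384                             available
 xcc14   ECDHE-ECDSA-CHACHA20-POLY1305-OLD ECDH       ChaCha20    256      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD  not a/v
EOF
}
# The same rows in the proposed "0x" notation.
rows_proposed() { rows_observed | sed 's/^ x/ 0x/'; }

rows_observed | parse_cipher_rows
```

Both notations yield identical parsed rows, so a consumer written this way is unaffected if the column format changes in a later release.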