masscan
Update TLS client-hello packet for wider acceptance
Here’s a patch that updates the ClientHello that masscan uses to negotiate TLS. We were planning some scanning the other day and noticed that no certificates were discovered from some servers where we expected them. After a closer look we noticed that the existing ClientHello doesn’t offer TLS 1.2, which was fine a couple of years ago but by now many servers have been reconfigured to use only TLS 1.2 and better. The new ClientHello has been taken from the latest OpenSSL 1.1.1 with weak cipher suites enabled and TLS 1.3 disabled. (TLS 1.3 encrypts server certificates and so we don’t want to negotiate that.) We added some weaker suites without forward secrecy, 3DES, and RC4. It’s difficult to construct any one ClientHello that will work for everyone, but this one should be fine for most situations. There is no SNI.
An example of a host:port for which masscan fails to get TLS banner information prior to applying this patch: 5.189.183.229:443
For posterity, this is the command we used with OpenSSL 1.1.1o:
./apps/openssl s_client -connect www.hardenize.com:443 -noservername -no_tls1_3 \
-cipher "ECDHE-ECDSA-AES128-GCM-SHA256 \
ECDHE-ECDSA-CHACHA20-POLY1305 \
ECDHE-ECDSA-AES256-GCM-SHA384 \
ECDHE-ECDSA-AES128-SHA \
ECDHE-ECDSA-AES256-SHA \
ECDHE-ECDSA-AES128-SHA256 \
ECDHE-ECDSA-AES256-SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 \
ECDHE-RSA-CHACHA20-POLY1305 \
ECDHE-RSA-AES256-GCM-SHA384 \
ECDHE-RSA-AES128-SHA \
ECDHE-RSA-AES256-SHA \
ECDHE-RSA-AES128-SHA256 \
ECDHE-RSA-AES256-SHA384 \
DHE-RSA-AES128-GCM-SHA256 \
DHE-RSA-CHACHA20-POLY1305 \
DHE-RSA-AES256-GCM-SHA384 \
DHE-RSA-AES128-SHA \
DHE-RSA-AES256-SHA \
DHE-RSA-AES128-SHA256 \
DHE-RSA-AES256-SHA256 \
AES128-GCM-SHA256 \
AES256-GCM-SHA384 \
AES128-SHA256 \
AES256-SHA256 \
AES128-SHA \
AES256-SHA \
DES-CBC3-SHA \
RC4-SHA \
"
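As an added illustration (this is not part of the patch, nor masscan's or OpenSSL's code), the following Python builds a TLS 1.2 ClientHello carrying the same 29 cipher suites, in the same order, as the `openssl s_client -cipher` list above, parses it back, and checks what a server configured for "TLS 1.2 and better" would see. The extension set (supported_groups, ec_point_formats, signature_algorithms, no SNI), the code-point mapping, and the TLS 1.0-only hello used as a stand-in for the old packet are my own assumptions for the example, not masscan's actual bytes. It also shows that TLS 1.3 is only ever offered through the supported_versions extension, so leaving that extension out is what keeps the server certificate in the clear.

```python
import os
import struct

# IANA code points for the 29 suites in the openssl -cipher list above, same order
# (mapping is an assumption of this example, not taken from the patch).
CIPHER_SUITES = [
    0xC02B, 0xCCA9, 0xC02C, 0xC009, 0xC00A, 0xC023, 0xC024,   # ECDHE-ECDSA-*
    0xC02F, 0xCCA8, 0xC030, 0xC013, 0xC014, 0xC027, 0xC028,   # ECDHE-RSA-*
    0x009E, 0xCCAA, 0x009F, 0x0033, 0x0039, 0x0067, 0x006B,   # DHE-RSA-*
    0x009C, 0x009D, 0x003C, 0x003D, 0x002F, 0x0035,           # RSA key exchange, no forward secrecy
    0x000A, 0x0005,                                           # DES-CBC3-SHA, RC4-SHA
]

TLS10, TLS12, TLS13 = 0x0301, 0x0303, 0x0304
EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_EC_POINT_FORMATS = 0x0000, 0x000A, 0x000B
EXT_SIGNATURE_ALGORITHMS, EXT_SUPPORTED_VERSIONS = 0x000D, 0x002B


def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(version=TLS12, suites=CIPHER_SUITES, server_name=None, offer_tls13=False):
    """Serialise a TLS record carrying a ClientHello.

    The extension set below is an assumption (typical of an OpenSSL 1.1.1 client),
    not a copy of masscan's packet. SNI is only sent when server_name is given.
    """
    exts = b""
    if server_name is not None:
        name = server_name.encode()
        exts += _ext(EXT_SERVER_NAME, struct.pack("!HBH", len(name) + 3, 0, len(name)) + name)
    groups = struct.pack("!4H", 0x001D, 0x0017, 0x0018, 0x0019)   # x25519, P-256, P-384, P-521
    exts += _ext(EXT_SUPPORTED_GROUPS, struct.pack("!H", len(groups)) + groups)
    exts += _ext(EXT_EC_POINT_FORMATS, b"\x01\x00")               # uncompressed points only
    sigalgs = struct.pack("!6H", 0x0403, 0x0503, 0x0603, 0x0401, 0x0501, 0x0601)
    exts += _ext(EXT_SIGNATURE_ALGORITHMS, struct.pack("!H", len(sigalgs)) + sigalgs)
    if offer_tls13:
        # TLS 1.3 is negotiated only via supported_versions; without this extension
        # a 1.3-capable server falls back to the legacy_version field (TLS 1.2 here).
        exts += _ext(EXT_SUPPORTED_VERSIONS, b"\x04" + struct.pack("!HH", TLS13, TLS12))
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"   # legacy_version, random, empty session id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00"                                            # compression methods: null only
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # HandshakeType client_hello(1)
    # Record-layer version is not used for negotiation; 3.1 is the conventional value.
    return b"\x16" + struct.pack("!HH", TLS10, len(handshake)) + handshake


def parse_client_hello(record):
    """Return (legacy_version, [cipher suites], {ext_type: body}) from a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    version = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                                                # skip version and random
    pos += 1 + body[pos]                                        # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                        # compression methods
    exts = {}
    if pos < len(body):
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            ext_type, length = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            exts[ext_type] = body[pos:pos + length]
            pos += length
    return version, suites, exts


def offered_versions(record):
    """Every protocol version the hello offers: legacy_version plus supported_versions, if present."""
    version, _, exts = parse_client_hello(record)
    offered = {version}
    sv = exts.get(EXT_SUPPORTED_VERSIONS)
    if sv:
        offered.update(struct.unpack("!H", sv[i:i + 2])[0] for i in range(1, 1 + sv[0], 2))
    return offered


def server_accepts(record, min_version=TLS12):
    """Would a server that refuses anything below min_version get past version negotiation?"""
    return max(offered_versions(record)) >= min_version


if __name__ == "__main__":
    old = build_client_hello(version=TLS10)   # stand-in for a hello that tops out at TLS 1.0 (assumption)
    new = build_client_hello()
    print("TLS 1.0-only hello accepted by a TLS 1.2+ server:", server_accepts(old))
    print("new hello accepted:", server_accepts(new), "| offers TLS 1.3:", TLS13 in offered_versions(new))
```

Run it as a script to see the two outcomes side by side; `build_client_hello(offer_tls13=True)` shows the variant the patch deliberately avoids, and `build_client_hello(server_name="www.hardenize.com")` the SNI-bearing variant, which the patch also leaves out.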