From e1bd13e7cddd5b2118b807f82063d37eb0b1f6c8 Mon Sep 17 00:00:00 2001
From: Joe Testa
Date: Tue, 19 Sep 2023 11:27:13 -0400
Subject: [PATCH] ClientHello messages now include a 32-byte random-looking session ID since some TLSv1.0 implementations didn't like our empty session ID fields.
---
 sslscan.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sslscan.c b/sslscan.c
index 4880ad0..f173277 100644
--- a/sslscan.c
+++ b/sslscan.c
@@ -5364,8 +5364,14 @@ bs *makeClientHello(struct sslCheckOptions *options, unsigned int tls_version, b
 bs_append_uint32_t(client_hello, rand);
 }
- /* Session ID Length: 0 */
- bs_append_bytes(client_hello, (unsigned char []) { 0x00 }, 1);
+ /* Session ID Length: 32 */
+ bs_append_bytes(client_hello, (unsigned char []) { 32 }, 1);
+
+ /* A "random" 32-byte session ID. */
+ for (int i = 0; i < 8; i++) {
+ rand += (time_now ^ (uint32_t)((~(i + 0) << 24) | (~(i + 1) << 16) | (~(i + 2) << 8) | (~(i + 3) << 0)));
+ bs_append_uint32_t(client_hello, rand);
+ }
 /* Add the length (in bytes) of the ciphersuites list to the Client Hello. */
 bs_append_ushort(client_hello, bs_get_len(ciphersuite_list));
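Review bot: In the added `rand +=` line the four terms are computed on plain `int`, so `~(i + 0) << 24` left-shifts a negative value, which is undefined behaviour in C. On the usual two's-complement outcome, `~(i + 3) << 0` already has every upper bit set for `i` in 0..7, so the OR collapses to that single term and the other three shifts add nothing. Masking each term before shifting restores the intended per-byte mix: `uint32_t mix = ((~(uint32_t)(i + 0) & 0xffu) << 24) | ((~(uint32_t)(i + 1) & 0xffu) << 16) | ((~(uint32_t)(i + 2) & 0xffu) << 8) | (~(uint32_t)(i + 3) & 0xffu);` followed by `rand += time_now ^ mix;`. The comment should also say that the ID is derived from the clock and the earlier `rand` value, so it is compatibility filler rather than an unpredictable value, e.g. `/* Filler session ID for TLSv1.0 peers that reject an empty one; clock-derived, not unpredictable. */`. `rand` and `time_now` are declared outside this hunk, so their types are assumed to be `uint32_t`, and the loop that ends in the leading context lines may need the same masking.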