From 6a71ab0cbcb0f62916c7fe7ed8f74601ebc1ffbb Mon Sep 17 00:00:00 2001
From: haga <haga.rakotoharivelo@gmail.com>
Date: Fri, 31 Jan 2025 03:13:53 +0100
Subject: [PATCH] Set the defaulted offer groups match OpenSsl 3.2.2

---
 .../Clients/Ssl/BouncyCastle/FluxzyTlsClient.cs   | 15 ++++++++++++++-
 test/Fluxzy.Tests/Utility.cs                      |  6 +++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/src/Fluxzy.Core/Clients/Ssl/BouncyCastle/FluxzyTlsClient.cs b/src/Fluxzy.Core/Clients/Ssl/BouncyCastle/FluxzyTlsClient.cs
index af62965b..1aab78b8 100644
--- a/src/Fluxzy.Core/Clients/Ssl/BouncyCastle/FluxzyTlsClient.cs
+++ b/src/Fluxzy.Core/Clients/Ssl/BouncyCastle/FluxzyTlsClient.cs
@@ -22,6 +22,19 @@ internal class FluxzyTlsClient : DefaultTlsClient
         private static readonly int[] DefaultKeyShares = new int[] {
             NamedGroup.x25519
         };
+        
+        private static readonly int[] DefaultSupportGroups = new int[] {
+            NamedGroup.x25519,
+            NamedGroup.secp256r1,
+            NamedGroup.x448,
+            NamedGroup.secp521r1,
+            NamedGroup.secp384r1,
+            NamedGroup.ffdhe2048,
+            NamedGroup.ffdhe3072,
+            NamedGroup.ffdhe4096,
+            NamedGroup.ffdhe6144,
+            NamedGroup.ffdhe8192,
+        };
 
         private readonly IReadOnlyCollection<SslApplicationProtocol>_applicationProtocols;
         private readonly FluxzyCrypto _crypto;
@@ -91,7 +104,7 @@ protected override IList<int> GetSupportedGroups(IList<int> namedGroupRoles)
                 return _fingerPrint.EffectiveSupportGroups;
             }
 
-            return base.GetSupportedGroups(namedGroupRoles);
+            return DefaultSupportGroups;
         }
 
         protected override IList<ServerName> GetSniServerNames()
diff --git a/test/Fluxzy.Tests/Utility.cs b/test/Fluxzy.Tests/Utility.cs
index 8ed4a522..d23a74ff 100644
--- a/test/Fluxzy.Tests/Utility.cs
+++ b/test/Fluxzy.Tests/Utility.cs
@@ -24,7 +24,11 @@ public static async Task<bool> AcquireCapabilitiesLinux(string executablePath)
                 return true; // Already root  - no need to set capabilities
             
             if (!ProcessUtils.IsCommandAvailable("setcap"))
-                return false; 
+                return false;
+
+            if (await ProcessUtilX.HasCaptureCapabilities()) {
+                return true;
+            }
             
             var process = await ProcessUtilX.RunElevatedSudoALinux("setcap", 
                 new []{ "cap_net_raw,cap_net_admin=eip", executablePath},