# Retain the authentication algorith field as we want to test that.
s/( (?: (?:\b|\s) [\(=] ) | \s )TLSv1\.[12]:/$1TLSv1:/xg;
- s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?-:)/ke-$3-AES256-SHAxxx/g;
- s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHAxxx/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA)(?!:)/ke-$3-AES256-SHA/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-AES(128|256)-(GCM-SHA(256|384)|SHA):(128|256)/ke-$3-AES256-SHA:xxx/g;
# LibreSSL
# TLSv1:ECDHE-RSA-CHACHA20-POLY1305:256
- s/((EC)?DHE-)?(RSA|ECDSA)-CHACHA20-POLY1305\b/ke-$3-AES256-SHAxxx/g;
+ s/((EC)?DHE-)?(RSA|ECDSA)-CHACHA20-POLY1305\b/ke-$3-AES256-SHA:xxx/g;
# GnuTLS have seen:
# TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256