TLS Client Hello Mirror
https://tlsprivacy.nervuri.net/
| File | Last updated |
|---|---|
| .gitignore | 10 months ago |
| INSTALL.md | 1 month ago |
| LICENSE.txt | 10 months ago |
| Makefile | 10 months ago |
| README.md | 10 months ago |
| client_hello_parser.go | 10 months ago |
| drop_privileges.go | 2 weeks ago |
| go.mod | 2 months ago |
| go.sum | 2 months ago |
| index.gmi | 2 weeks ago |
| index.html | 2 weeks ago |
| server.go | 2 weeks ago |
README.md
TLS Client Hello Mirror
This test:
- reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
- can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
- supports both HTTP and Gemini on the same port;
- is free as in freedom and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.
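The following Go example is added here and is not taken from this project's client_hello_parser.go: it lists the extension type codes of a raw Client Hello body in the order they were sent and flags GREASE values (RFC 8701), which the IANA lists do not cover. The function names and the sample bytes are constructed for illustration, and an extensions block is assumed to be present.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// IsGREASE reports whether v is an RFC 8701 reserved value (0x0A0A ... 0xFAFA).
func IsGREASE(v uint16) bool { return v&0x0f0f == 0x0a0a && v>>8 == v&0xff }

// vec splits off a vector with an n-byte big-endian length prefix; on failure rest is nil, so later calls fail too.
func vec(b []byte, n int) (body, rest []byte, ok bool) {
	l := 0
	for i := 0; i < n && i < len(b); i++ {
		l = l<<8 | int(b[i])
	}
	if len(b) < n+l {
		return nil, nil, false
	}
	return b[n : n+l], b[n+l:], true
}

// ExtensionOrder returns the extension type codes of a Client Hello body (the
// bytes after the 4-byte handshake header) in the order the client sent them.
func ExtensionOrder(b []byte) (order []uint16, err error) {
	if len(b) < 34 { // legacy_version (2) + random (32)
		return nil, errors.New("short Client Hello")
	}
	_, b, _ = vec(b[34:], 1) // legacy_session_id
	_, b, _ = vec(b, 2)      // cipher_suites
	_, b, _ = vec(b, 1)      // legacy_compression_methods
	exts, _, ok := vec(b, 2) // extensions block (assumed present, as in TLS 1.3)
	for ok && len(exts) >= 2 {
		order = append(order, binary.BigEndian.Uint16(exts))
		_, exts, ok = vec(exts[2:], 2) // skip extension_data
	}
	if !ok || len(exts) != 0 {
		return nil, errors.New("malformed Client Hello")
	}
	return order, nil
}

func main() {
	// Constructed body: zeroed version/random, empty session id, one suite, then GREASE 0x1a1a, 43, 10.
	order, err := ExtensionOrder(append(make([]byte, 35), 0, 2, 0x13, 0x01, 1, 0, 0, 19,
		0x1a, 0x1a, 0, 0, 0, 43, 0, 3, 2, 3, 4, 0, 10, 0, 4, 0, 2, 0, 29))
	fmt.Println(order, err, "GREASE first:", len(order) > 0 && IsGREASE(order[0]))
}
```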
Installation
See INSTALL.md.
Roadmap
- HTML & gemtext front-end
- documentation
- detect client vulnerability to session prolongation attacks
- support sessionID-based resumption (Go's crypto/tls library currently does not)
- support early data / 0-RTT (Go's crypto/tls library currently does not)
License
AGPL v3.0 or later. If you host a modified version, you must provide users access to its source code under the same license.
Contributing
This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.