TLS Client Hello Mirror https://tlsprivacy.nervuri.net/

Go to file

nervuri f9c5f49b42 update golang.org/x/crypto from 0.14 to 0.21		2024-03-14 14:51:11 +00:00
.reuse	move html, js, css and gmi files to "frontend" dir	2023-09-20 09:53:02 +00:00
LICENSES	reorganize code, add json/v2 endpoint and API doc	2023-04-30 16:27:55 +00:00
clienthello	frontend: add special case for RENEGOTIATION_INFO_SCSV cipher suite	2023-09-30 15:43:06 +00:00
frontend	put JS code directly in index.html	2023-09-30 16:26:46 +00:00
.gitignore	reorganize code, add json/v2 endpoint and API doc	2023-04-30 16:27:55 +00:00
DOC.md	more text tweaks	2023-09-30 15:30:45 +00:00
INSTALL.md	INSTALL.md: mention RSS feed for releases	2023-09-20 08:53:26 +00:00
LICENSE.txt	change license to BSD-3-Clause; ensure REUSE compliance	2023-04-03 10:49:30 +00:00
Makefile	tidy up Makefile	2023-10-16 15:35:41 +00:00
NJA3.md	another small text tweak	2023-09-26 08:12:27 +00:00
README.md	more text tweaks	2023-09-30 15:30:45 +00:00
drop_privileges.go	change license to BSD-3-Clause; ensure REUSE compliance	2023-04-03 10:49:30 +00:00
formatting.go	frontend: add special case for RENEGOTIATION_INFO_SCSV cipher suite	2023-09-30 15:43:06 +00:00
go.mod	update golang.org/x/crypto from 0.14 to 0.21	2024-03-14 14:51:11 +00:00
go.sum	update golang.org/x/crypto from 0.14 to 0.21	2024-03-14 14:51:11 +00:00
request.go	big UI commit; add NJA3 proper	2023-09-20 08:31:19 +00:00
response.go	change license to BSD-3-Clause; ensure REUSE compliance	2023-04-03 10:49:30 +00:00
server.go	put JS code directly in index.html	2023-09-30 16:26:46 +00:00

README.md

TLS Client Hello Mirror

This test:

reflects the complete Client Hello message in multiple formats, preserving the order in which TLS parameters and extensions are sent;
can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
supports both HTTP and Gemini on the same port;
is free as in freedom and trivial to self-host.

A live instance is running at tlsprivacy.nervuri.net.

Installation

See INSTALL.md.

API documentation

This test exposes two JSON endpoints:

See DOC.md for details.

Wishlist

detect client vulnerability to session prolongation attacks
support early data / 0-RTT (Go's crypto/tls library currently does not)
support sessionID-based resumption (Go's crypto/tls library currently does not)
decode more extensions
token binding (RFCs 8471-8473, formerly Channel ID) can be bad for privacy, but Chromium removed support in 2018. Edge might still support it, though. It may be worth testing for it (add to highlights and add warning in the UI).

Contributing

This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.