# TLS Client Hello Mirror
This test:
* reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
* can be used to check for TLS privacy pitfalls ([session resumption](https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf), [TLS fingerprinting](https://tlsfingerprint.io/), [system time exposure](https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime));
* supports both HTTP and [Gemini](https://gemini.circumlunar.space/) on the same port;
* is [free as in freedom](https://www.gnu.org/philosophy/free-sw.en.html) and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
* [TLS parameters](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml)
* [TLS extensions](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml)
Note that these lists do not include draft extensions and [GREASE](https://datatracker.ietf.org/doc/html/rfc8701) values. Missing values will be documented here as the project evolves.
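
As an added illustration (not code from this project), the following Go program reads the extension codes of a Client Hello in the order they were sent and recognises GREASE values by their RFC 8701 bit pattern. `ExtensionOrder`, `next`, `isGREASE` and the `sample` bytes are names and data made up for this example; a hello without an extensions block is reported as truncated.

```go
package main

import "fmt"

// isGREASE matches the 16 reserved RFC 8701 values: 0x0A0A, 0x1A1A, ... 0xFAFA.
func isGREASE(v uint16) bool { return v>>8 == v&0xff && v&0x0f == 0x0a }

// next skips `skip` bytes, reads a vector with an n-byte length prefix, returns (vector, rest).
func next(b []byte, skip, n int) (vec, rest []byte, err error) {
	size := 0
	for i := skip; i < skip+n && i < len(b); i++ {
		size = size<<8 | int(b[i]) // big-endian length
	}
	if len(b) < skip+n+size {
		return nil, nil, fmt.Errorf("truncated ClientHello")
	}
	return b[skip+n : skip+n+size], b[skip+n+size:], nil
}

// ExtensionOrder returns the extension codes of a ClientHello handshake message
// (starting at its type byte, 0x01) in the order they appear on the wire.
func ExtensionOrder(msg []byte) (exts []uint16, err error) {
	if len(msg) == 0 || msg[0] != 0x01 {
		return nil, fmt.Errorf("not a ClientHello")
	}
	b, _, err := next(msg, 1, 3) // type byte + 3-byte length, then the body
	var ex []byte
	// legacy_version+random then session_id; cipher_suites; compression; extensions
	for _, f := range [][2]int{{34, 1}, {0, 2}, {0, 1}, {0, 2}} {
		if err == nil {
			ex, b, err = next(b, f[0], f[1])
		}
	}
	for err == nil && len(ex) > 0 {
		hdr := ex
		if _, ex, err = next(ex, 2, 2); err == nil { // skip type, read extension_data
			exts = append(exts, uint16(hdr[0])<<8|uint16(hdr[1]))
		}
	}
	return exts, err
}

// sample is a constructed (not captured) hello: GREASE 0x1a1a, then 0x002b, then 0x000a.
var sample = append(append([]byte{1, 0, 0, 66, 3, 3}, make([]byte, 33)...),
	0, 6, 0x0a, 0x0a, 0x13, 1, 0x13, 2, 1, 0, 0, 19, 0x1a, 0x1a, 0, 0, 0, 0x2b, 0, 3, 2, 3, 4, 0, 0x0a, 0, 4, 0, 2, 0, 0x1d)

func main() {
	exts, err := ExtensionOrder(sample)
	fmt.Printf("order=%04x grease_first=%v err=%v\n", exts, len(exts) > 0 && isGREASE(exts[0]), err)
}
```
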
## Installation
See [INSTALL.md](INSTALL.md).
## Roadmap
* HTML & gemtext front-end
* documentation
* detect client vulnerability to session [prolongation attacks](https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf#page=3)
* support sessionID-based resumption (Go's `crypto/tls` library currently does not)
* support early data / 0-RTT (Go's `crypto/tls` library currently does not)
## License
[AGPL v3.0 or later](https://www.gnu.org/licenses/agpl-3.0.en.html). If you host a modified version, you must provide users access to its source code under the same license.
## Contributing
This project is hosted [at tildegit.org](https://tildegit.org/nervuri/client-hello-mirror). If you don't want to make an account, just [shoot me an email](https://nervuri.net/contact) with your [patch](https://git-send-email.io/) / suggestion / bug report / whatever else.