* can be used to check for TLS privacy pitfalls ([session resumption](https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf), [TLS fingerprinting](https://tlsfingerprint.io/), [system time exposure](https://datatracker.ietf.org/doc/html/draft-mathewson-no-gmtunixtime));
* supports both HTTP and [Gemini](https://gemini.circumlunar.space/) on the same port;
* is [free as in freedom](https://www.gnu.org/philosophy/free-sw.en.html) and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
Note that these lists do not include draft extensions and [GREASE](https://datatracker.ietf.org/doc/html/rfc8701) values. Missing values will be documented here as the project evolves.
* detect client vulnerability to session [prolongation attacks](https://svs.informatik.uni-hamburg.de/publications/2018/2018-12-06-Sy-ACSAC-Tracking_Users_across_the_Web_via_TLS_Session_Resumption.pdf#page=3)
* support sessionID-based resumption (Go's `crypto/tls` library currently does not)
* support early data / 0-RTT (Go's `crypto/tls` library currently does not)
## License
[AGPL v3.0 or later](https://www.gnu.org/licenses/agpl-3.0.en.html). If you host a modified version, you must provide users access to its source code under the same license.
## Contributing
This project is hosted [at tildegit.org](https://tildegit.org/nervuri/client-hello-mirror). If you don't want to make an account, just [shoot me an email](https://nervuri.net/contact) with your [patch](https://git-send-email.io/) / suggestion / bug report / whatever else.