TLS Client Hello Mirror
https://tlsprivacy.nervuri.net/
nervuri 02666e2997 | ||
---|---|---|
.reuse | ||
LICENSES | ||
clienthello | ||
.gitignore | ||
DOC.md | ||
INSTALL.md | ||
LICENSE.txt | ||
Makefile | ||
README.md | ||
drop_privileges.go | ||
go.mod | ||
go.sum | ||
index.gmi | ||
index.html | ||
request.go | ||
response.go | ||
server.go |
README.md
TLS Client Hello Mirror
This test:
- reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
- can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
- supports both HTTP and Gemini on the same port;
- is free as in freedom and trivial to self-host.
Installation
See INSTALL.md.
API documentation
This test exposes two JSON endpoints: /json/v1 (basic) and /json/v2 (detailed). See DOC.md for details.
Roadmap
- HTML & gemtext front-end
- detect client vulnerability to session prolongation attacks
- support early data / 0-RTT (Go's
crypto/tls
library currently does not) - support sessionID-based resumption (Go's
crypto/tls
library currently does not)
Contributing
This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.