TLS Client Hello Mirror
https://tlsprivacy.nervuri.net/
nervuri
72b3259428
|
||
|---|---|---|
| .gitignore | ||
| INSTALL.md | ||
| LICENSE.txt | ||
| Makefile | ||
| README.md | ||
| client_hello_parser.go | ||
| drop_privileges.go | ||
| go.mod | ||
| go.sum | ||
| index.gmi | ||
| index.html | ||
| server.go | ||
README.md
TLS Client Hello Mirror
This test:
- reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
- can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
- supports both HTTP and Gemini on the same port;
- is free as in freedom and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.
Installation
See INSTALL.md.
Roadmap
- HTML & gemtext front-end
- documentation
- detect client vulnerability to session prolongation attacks
- support sessionID-based resumption (Go's
crypto/tlslibrary currently does not) - support early data / 0-RTT (Go's
crypto/tlslibrary currently does not)
License
AGPL v3.0 or later. If you host a modified version, you must provide users access to its source code under the same license.
Contributing
This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.