client-hello-mirror/README.md

TLS Client Hello Mirror

This test:

• reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
• can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
• supports both HTTP and Gemini on the same port;
• is free as in freedom and trivial to self-host.

The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:

• TLS parameters
• TLS extensions

Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.

Installation

See INSTALL.md.

Roadmap

• HTML & gemtext front-end
• documentation
• detect client vulnerability to session prolongation attacks
• support sessionID-based resumption (Go's crypto/tls library currently does not)
• support early data / 0-RTT (Go's crypto/tls library currently does not)

License

AGPL v3.0 or later. If you host a modified version, you must provide users access to its source code under the same license.

Contributing

This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.