TLS Client Hello Mirror
https://tlsprivacy.nervuri.net/
nervuri 9d8ff3601f | ||
---|---|---|
.reuse | ||
LICENSES | ||
.gitignore | ||
INSTALL.md | ||
LICENSE.txt | ||
Makefile | ||
README.md | ||
client_hello_parser.go | ||
drop_privileges.go | ||
go.mod | ||
go.sum | ||
index.gmi | ||
index.html | ||
request.go | ||
response.go | ||
server.go |
README.md
TLS Client Hello Mirror
This test:
- reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
- can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
- supports both HTTP and Gemini on the same port;
- is free as in freedom and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.
Installation
See INSTALL.md.
Roadmap
- HTML & gemtext front-end
- documentation
- detect client vulnerability to session prolongation attacks
- support sessionID-based resumption (Go's
crypto/tls
library currently does not) - support early data / 0-RTT (Go's
crypto/tls
library currently does not)
Contributing
This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.