TLS Client Hello Mirror
https://tlsprivacy.nervuri.net/
nervuri
9d8ff3601f
|
||
|---|---|---|
| .reuse | ||
| LICENSES | ||
| .gitignore | ||
| INSTALL.md | ||
| LICENSE.txt | ||
| Makefile | ||
| README.md | ||
| client_hello_parser.go | ||
| drop_privileges.go | ||
| go.mod | ||
| go.sum | ||
| index.gmi | ||
| index.html | ||
| request.go | ||
| response.go | ||
| server.go | ||
README.md
TLS Client Hello Mirror
This test:
- reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
- can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
- supports both HTTP and Gemini on the same port;
- is free as in freedom and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.
Installation
See INSTALL.md.
Roadmap
- HTML & gemtext front-end
- documentation
- detect client vulnerability to session prolongation attacks
- support sessionID-based resumption (Go's
crypto/tlslibrary currently does not) - support early data / 0-RTT (Go's
crypto/tlslibrary currently does not)
Contributing
This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.