2.1 KiB
2.1 KiB
TLS Client Hello Mirror
This test:
- reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
- can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
- supports both HTTP and Gemini on the same port;
- is free as in freedom and trivial to self-host.
The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:
Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.
Installation
See INSTALL.md.
Roadmap
- HTML & gemtext front-end
- documentation
- detect client vulnerability to session prolongation attacks
- support sessionID-based resumption (Go's
crypto/tls
library currently does not) - support early data / 0-RTT (Go's
crypto/tls
library currently does not)
Contributing
This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.