client-hello-mirror/README.md

TLS Client Hello Mirror

This test:

• reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
• can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
• supports both HTTP and Gemini on the same port;
• is free as in freedom and trivial to self-host.

The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:

• TLS parameters
• TLS extensions

Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.

Installation

See INSTALL.md.

Roadmap

• HTML & gemtext front-end
• documentation
• detect client vulnerability to session prolongation attacks
• support sessionID-based resumption (Go's crypto/tls library currently does not)
• support early data / 0-RTT (Go's crypto/tls library currently does not)

Contributing

This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.