TLS Client Hello Mirror https://tlsprivacy.nervuri.net/

Go to file

nervuri de6a4524b4 add detailed install instructions		2022-05-26 00:00:00 +00:00
.gitignore	init	2022-05-22 00:00:00 +00:00
INSTALL.md	add detailed install instructions	2022-05-26 00:00:00 +00:00
LICENSE.txt	init	2022-05-22 00:00:00 +00:00
Makefile	init	2022-05-22 00:00:00 +00:00
README.md	add detailed install instructions	2022-05-26 00:00:00 +00:00
client_hello_parser.go	init	2022-05-22 00:00:00 +00:00
server.go	add drop root capability and -u <user> option	2022-05-26 00:00:00 +00:00

README.md

TLS Client Hello Mirror

This test:

reflects the complete Client Hello message, preserving the order in which TLS parameters and extensions are sent;
can be used to check for TLS privacy pitfalls (session resumption, TLS fingerprinting, system time exposure);
supports both HTTP and Gemini on the same port;
is free as in freedom and trivial to self-host.

The API is largely stable - fields may be added, but existing fields will not be modified or removed. IANA-assigned codes for TLS parameters and extensions are documented at:

Note that these lists do not include draft extensions and GREASE values. Missing values will be documented here as the project evolves.

Installation

See INSTALL.md.

Roadmap

detect if client random begins with UNIX timestamp, as per RFC 5246, section 7.4.1.2
HTML & gemtext front-end
documentation
detect client vulnerability to session prolongation attacks
support sessionID-based resumption (Go's crypto/tls library currently does not)
support early data / 0-RTT (Go's crypto/tls library currently does not)

License

AGPL v3.0 or later. If you host a modified version, you must provide users access to its source code under the same license.

Contributing

This project is hosted at tildegit.org. If you don't want to make an account, just shoot me an email with your patch / suggestion / bug report / whatever else.