tls-tester
| Crates.io | tls-tester |
| lib.rs | tls-tester |
| version | 0.1.0 |
| created_at | 2025-06-02 04:42:10.872865+00 |
| updated_at | 2025-06-02 04:42:10.872865+00 |
| description | A TLS 1.3 server for testing client implementations |
| homepage | |
| repository | https://github.com/newAM/tls-tester |
| max_upload_size | |
| id | 1697684 |
| size | 194,644 |
Alex Martens (newAM)
documentation
README
TLS tester
A rust crate for testing TLS 1.3 client implementations.
[!WARNING]
This is in a pre-alpha state, the crate is missing:
- Documentation
- Unit tests
Goals
- Hackability
- Debugability
- Testing TLS client implementation compliance
Non-goals
- Performance
- Security
- Versions of TLS older than TLS 1.3
- Strict TLS compliance
- TLS tester needs to create non-compliant behaviour to test compliance, for all other purposes TLS tester should be compliant unless otherwise noted
Limitations
- Compliance limitations
- Does not implement all required digital signature algorithms, missing:
rsa_pkcs1_sha256rsa_pss_rsae_sha256
- Does not implement all recommended cipher suites, missing:
TLS_AES_256_GCM_SHA384TLS_CHACHA20_POLY1305_SHA256
- Does not implement all recommended key exchange algorithms, missing:
X25519
- Does not implement all required digital signature algorithms, missing:
- PSK does not support
psk_ke, onlypsk_dhe_keis supported
Available tests
- Server record fragmentation
Planned tests
- Forced HelloRetry
- Invalid GCM tag
- Missing handshake messages, such as CertificateVerify
- Non-zero padding extension
- Record fragmentation across key changes
- Record overflow
- Sending application data before handshake is done
- Sending duplicate handshake message types
- Sending handshake messages out of order
- Zero length alert/handshake/applicationdata
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.