{"id":28671070,"url":"https://github.com/newam/tls-tester","last_synced_at":"2026-03-10T13:04:27.167Z","repository":{"id":296722925,"uuid":"994266160","full_name":"newAM/tls-tester","owner":"newAM","description":"TLS 1.3 client tester","archived":false,"fork":false,"pushed_at":"2025-12-20T04:08:26.000Z","size":193,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-22T12:45:43.416Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/newAM.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-06-01T15:23:51.000Z","updated_at":"2025-12-20T04:08:29.000Z","dependencies_parsed_at":"2025-06-02T01:06:59.717Z","dependency_job_id":"8df93bc5-dee7-48d2-9dbf-db40dc486c99","html_url":"https://github.com/newAM/tls-tester","commit_stats":null,"previous_names":["newam/tls-tester"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/newAM/tls-tester","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newAM%2Ftls-tester","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newAM%2Ftls-tester/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newAM%2Ftls-tester/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newAM%2Ftls-tester/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/newAM","download_url":"https://codeload.github.com/newAM/tls-tester/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/newAM%2Ftls-tester/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30334412,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T12:41:07.687Z","status":"ssl_error","status_checked_at":"2026-03-10T12:41:06.728Z","response_time":106,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-13T18:38:57.054Z","updated_at":"2026-03-10T13:04:27.162Z","avatar_url":"https://github.com/newAM.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TLS tester\n\nA tool for testing [TLS 1.3] implementation compliance.\n\n\u003e [!WARNING]  \n\u003e This is in a pre-alpha state, the crate is missing:\n\u003e\n\u003e - Documentation\n\u003e - Unit tests\n\n## Goals\n\n- Hackability\n- Debugability\n- Testing TLS implementation compliance\n\n## Non-goals\n\n- Performance\n- Security\n- Versions of TLS older than [TLS 1.3]\n- `#![no_std]` support\n- Strict TLS compliance\n  - TLS tester needs to create non-compliant behaviour to test compliance, for all other purposes TLS tester should be compliant unless otherwise noted\n\n## Limitations\n\n- [Compliance](https://datatracker.ietf.org/doc/html/rfc8446#section-9) limitations\n  - Does not implement all required digital signature algorithms, missing:\n    - `rsa_pkcs1_sha256`\n    - `rsa_pss_rsae_sha256`\n  - Does not implement all recommended cipher suites, missing:\n    - `TLS_AES_256_GCM_SHA384`\n    - `TLS_CHACHA20_POLY1305_SHA256`\n- Client ignores server `EncryptedExtensions`\n- Client ignores TLS certificate extensions\n- Certificate parsing is messy and contains many outstanding TODOs\n- PSK does not support `psk_ke`, only `psk_dhe_ke` is supported\n\n## Available tests\n\n- Server record fragmentation\n\n### Planned tests\n\n- Forced HelloRetry\n- Invalid GCM tag\n- Missing handshake messages, such as CertificateVerify\n- Packing server Encrypted Extensions, Certificate, CertificateVerify, and Finished into a single record\n- Non-zero padding extension\n- Record fragmentation across key changes\n- Record overflow\n- Sending application data before handshake is done\n- Sending duplicate handshake message types\n- Sending handshake messages out of order\n- Zero length alert/handshake/applicationdata\n- Zero padding appended to records\n- Certificates with GeneralizedTime and UTCTime types for notBefore and notAfter\n  - UTCTime before 2050\n  - GeneralizedTime after 2050\n- Sending unrecognized values for:\n  - cipher suites\n  - hello extensions\n  - named groups\n  - key shared\n  - supported versions\n  - signature algorithms\n\n## License\n\nLicensed under either of\n\n- Apache License, Version 2.0 ([LICENSE-APACHE](LICENSE-APACHE) or\n  \u003chttp://www.apache.org/licenses/LICENSE-2.0\u003e)\n- MIT license ([LICENSE-MIT](LICENSE-MIT) or \u003chttp://opensource.org/licenses/MIT\u003e)\n\nat your option.\n\n[TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnewam%2Ftls-tester","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnewam%2Ftls-tester","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnewam%2Ftls-tester/lists"}