tlshandshake/README.md

# Intro

``tlshandshake`` is a tool which can be used for troubleshooting and benchmarking TLS handshake. It is written in GoLang.

# Usage

Example:

```
> go run cmd/tlshandshake/tlshandshake.go -tls_min 1.2 -tls_max 1.3 -groups X25519-SIDHp503 pqcrypto.uk
| TLS-Session:
-----------------------------------------------------------------
    Protocol              : 1.3
    Cipher                : TLS_AES_128_GCM_SHA256
    Negotiated Group      : X25519-SIDHp503
    Connection ID         : d0129f4dea986b72
    SCTs                  : []
    Connection resumed    : FALSE
    EMS used              : FALSE
    Stapled OCSP response : 308201350a0100a082012e3082012a06092b0601...

| Connection:
-----------------------------------------------------------------
    Local address       : 10.0.1.242:51536
    Remote address      : 198.41.214.162:443

| Server Certificates:
-----------------------------------------------------------------

Depth      : 0
Issuer     : CN=DigiCert ECC Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13836083707412516537413894398330316720 (0xa68bb984a507399f4716e809a44a7b0)
    Signature Algorithm: ECDSA-SHA256
        Issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert ECC Extended Validation Server CA
        Validity
            Not Before: Oct 30 00:00:00 2018 UTC
            Not After : Nov 3 12:00:00 2020 UTC
        Subject: UnknownOID=2.5.4.15,UnknownOID=1.3.6.1.4.1.311.60.2.1.3,UnknownOID=1.3.6.1.4.1.311.60.2.1.2,UnknownOID=2.5.4.5,C=US,ST=California,UnknownOID=2.5.4.7,O=Cloudflare, Inc.,CN=cloudflare.com
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    ce:d7:61:49:49:fd:4b:35:8b:1b:86:bc:a3:c5:bc:
                    d8:20:6e:31:17:2d:92:8a:b7:34:f4:db:11:70:4e:
                    49:16
                Y:
                    61:fc:ae:fa:7f:ba:6f:0c:05:53:74:c6:79:7f:81:
                    12:8a:f7:e2:5e:6c:f5:fa:10:69:6b:67:d9:d5:96:
                    51:b0
                Curve: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:F8:25:D9:A6:39:C7:C3:81:87:25:3E:30:54:91:18:21:40:9B:17:9D
            X509v3 Subject Key Identifier:
                DE:7F:7F:E6:7C:ED:ED:61:43:60:47:67:5D:86:2F:84:FD:A6:78:AD
            X509v3 Subject Alternative Name:
                DNS:cloudflare.com, DNS:www.cloudflare.com
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/DigiCertECCExtendedValidationServerCA.crl, URI:http://crl4.digicert.com/DigiCertECCExtendedValidationServerCA.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.2.1
                Policy: 2.23.140.1.1
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertECCExtendedValidationServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            Unknown extension 1.3.6.1.4.1.11129.2.4.2

    Signature Algorithm: ECDSA-SHA256
         30:65:02:30:1e:1b:3d:10:9a:50:23:2e:e6:86:11:13:46:a8:
         1d:e8:63:f8:2f:60:96:43:49:0a:49:30:73:55:f8:25:63:1d:
         46:59:da:a9:4b:98:68:99:3d:50:a8:c4:fc:52:0f:e3:02:31:
         00:d2:64:cc:ad:f8:92:b6:6b:fe:b7:a9:4e:8c:06:3b:fb:d3:
         08:9f:d9:04:10:80:b9:52:97:0a:14:24:a4:5a:8a:d7:27:3c:
         1e:86:cb:b7:a8:be:c3:c0:98:fa:4a:91:ae

```

# Installation

```
go get -u github.com/henrydcase/tlshandshake/...
```

# Dependencies

We use ``trs`` library, a fork of Cloudflare's ``tls-tris`` library, which supports TLSv1.3 and number of experimental features.

# License

See LICENSE file
Init 2019-05-10 23:16:49 +01:00			`# Intro`

			``tlshandshake`` is a tool which can be used for troubleshooting and benchmarking TLS handshake. It is written in GoLang.

			`# Usage`

			`Example:`

			```
Print connection information 2019-05-12 19:06:55 +01:00			`> go run cmd/tlshandshake/tlshandshake.go -tls_min 1.2 -tls_max 1.3 -groups X25519-SIDHp503 pqcrypto.uk`
			`\| TLS-Session:`
			`-----------------------------------------------------------------`
			`Protocol : 1.3`
			`Cipher : TLS_AES_128_GCM_SHA256`
			`Negotiated Group : X25519-SIDHp503`
			`Connection ID : d0129f4dea986b72`
			`SCTs : []`
			`Connection resumed : FALSE`
			`EMS used : FALSE`
			`Stapled OCSP response : 308201350a0100a082012e3082012a06092b0601...`

			`\| Connection:`
			`-----------------------------------------------------------------`
			`Local address : 10.0.1.242:51536`
			`Remote address : 198.41.214.162:443`

			`\| Server Certificates:`
			`-----------------------------------------------------------------`

			`Depth : 0`
			`Issuer : CN=DigiCert ECC Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US`
			`Certificate:`
			`Data:`
			`Version: 3 (0x2)`
			`Serial Number: 13836083707412516537413894398330316720 (0xa68bb984a507399f4716e809a44a7b0)`
			`Signature Algorithm: ECDSA-SHA256`
			`Issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert ECC Extended Validation Server CA`
			`Validity`
			`Not Before: Oct 30 00:00:00 2018 UTC`
			`Not After : Nov 3 12:00:00 2020 UTC`
			`Subject: UnknownOID=2.5.4.15,UnknownOID=1.3.6.1.4.1.311.60.2.1.3,UnknownOID=1.3.6.1.4.1.311.60.2.1.2,UnknownOID=2.5.4.5,C=US,ST=California,UnknownOID=2.5.4.7,O=Cloudflare, Inc.,CN=cloudflare.com`
			`Subject Public Key Info:`
			`Public Key Algorithm: ECDSA`
			`Public-Key: (256 bit)`
			`X:`
			`ce:d7:61:49:49:fd:4b:35:8b:1b:86:bc:a3:c5:bc:`
			`d8:20:6e:31:17:2d:92:8a:b7:34:f4:db:11:70:4e:`
			`49:16`
			`Y:`
			`61:fc:ae:fa:7f:ba:6f:0c:05:53:74:c6:79:7f:81:`
			`12:8a:f7:e2:5e:6c:f5:fa:10:69:6b:67:d9:d5:96:`
			`51:b0`
			`Curve: P-256`
			`X509v3 extensions:`
			`X509v3 Authority Key Identifier:`
			`keyid:F8:25:D9:A6:39:C7:C3:81:87:25:3E:30:54:91:18:21:40:9B:17:9D`
			`X509v3 Subject Key Identifier:`
			`DE:7F:7F:E6:7C:ED:ED:61:43:60:47:67:5D:86:2F:84:FD:A6:78:AD`
			`X509v3 Subject Alternative Name:`
			`DNS:cloudflare.com, DNS:www.cloudflare.com`
			`X509v3 Key Usage: critical`
			`Digital Signature`
			`X509v3 Extended Key Usage:`
			`TLS Web Server Authentication, TLS Web Client Authentication`
			`X509v3 CRL Distribution Points:`

			`Full Name:`
			`URI:http://crl3.digicert.com/DigiCertECCExtendedValidationServerCA.crl, URI:http://crl4.digicert.com/DigiCertECCExtendedValidationServerCA.crl`

			`X509v3 Certificate Policies:`
			`Policy: 2.16.840.1.114412.2.1`
			`Policy: 2.23.140.1.1`
			`Authority Information Access:`
			`OCSP - URI:http://ocsp.digicert.com`
			`CA Issuers - URI:http://cacerts.digicert.com/DigiCertECCExtendedValidationServerCA.crt`

			`X509v3 Basic Constraints: critical`
			`CA:FALSE`
			`Unknown extension 1.3.6.1.4.1.11129.2.4.2`

			`Signature Algorithm: ECDSA-SHA256`
			`30:65:02:30:1e:1b:3d:10:9a:50:23:2e:e6:86:11:13:46:a8:`
			`1d:e8:63:f8:2f:60:96:43:49:0a:49:30:73:55:f8:25:63:1d:`
			`46:59:da:a9:4b:98:68:99:3d:50:a8:c4:fc:52:0f:e3:02:31:`
			`00:d2:64:cc:ad:f8:92:b6:6b:fe:b7:a9:4e:8c:06:3b:fb:d3:`
			`08:9f:d9:04:10:80:b9:52:97:0a:14:24:a4:5a:8a:d7:27:3c:`
			`1e:86:cb:b7:a8:be:c3:c0:98:fa:4a:91:ae`

Init 2019-05-10 23:16:49 +01:00			```

			`# Installation`

			```
			`go get -u github.com/henrydcase/tlshandshake/...`
			```

			`# Dependencies`

			We use ``trs`` library, a fork of Cloudflare's ``tls-tris`` library, which supports TLSv1.3 and number of experimental features.

			`# License`

			`See LICENSE file`