# Intro ``tlshandshake`` is a tool which can be used for troubleshooting and benchmarking TLS handshake. It is written in GoLang. # Usage Example: ``` > go run cmd/tlshandshake/tlshandshake.go -tls_min 1.2 -tls_max 1.3 -groups X25519-SIDHp503 pqcrypto.uk | TLS-Session: ----------------------------------------------------------------- Protocol : 1.3 Cipher : TLS_AES_128_GCM_SHA256 Negotiated Group : X25519-SIDHp503 Connection ID : d0129f4dea986b72 SCTs : [] Connection resumed : FALSE EMS used : FALSE Stapled OCSP response : 308201350a0100a082012e3082012a06092b0601... | Connection: ----------------------------------------------------------------- Local address : 10.0.1.242:51536 Remote address : 198.41.214.162:443 | Server Certificates: ----------------------------------------------------------------- Depth : 0 Issuer : CN=DigiCert ECC Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US Certificate: Data: Version: 3 (0x2) Serial Number: 13836083707412516537413894398330316720 (0xa68bb984a507399f4716e809a44a7b0) Signature Algorithm: ECDSA-SHA256 Issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert ECC Extended Validation Server CA Validity Not Before: Oct 30 00:00:00 2018 UTC Not After : Nov 3 12:00:00 2020 UTC Subject: UnknownOID=2.5.4.15,UnknownOID=1.3.6.1.4.1.311.60.2.1.3,UnknownOID=1.3.6.1.4.1.311.60.2.1.2,UnknownOID=2.5.4.5,C=US,ST=California,UnknownOID=2.5.4.7,O=Cloudflare, Inc.,CN=cloudflare.com Subject Public Key Info: Public Key Algorithm: ECDSA Public-Key: (256 bit) X: ce:d7:61:49:49:fd:4b:35:8b:1b:86:bc:a3:c5:bc: d8:20:6e:31:17:2d:92:8a:b7:34:f4:db:11:70:4e: 49:16 Y: 61:fc:ae:fa:7f:ba:6f:0c:05:53:74:c6:79:7f:81: 12:8a:f7:e2:5e:6c:f5:fa:10:69:6b:67:d9:d5:96: 51:b0 Curve: P-256 X509v3 extensions: X509v3 Authority Key Identifier: keyid:F8:25:D9:A6:39:C7:C3:81:87:25:3E:30:54:91:18:21:40:9B:17:9D X509v3 Subject Key Identifier: DE:7F:7F:E6:7C:ED:ED:61:43:60:47:67:5D:86:2F:84:FD:A6:78:AD X509v3 Subject Alternative Name: DNS:cloudflare.com, DNS:www.cloudflare.com X509v3 Key Usage: critical Digital Signature X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication X509v3 CRL Distribution Points: Full Name: URI:http://crl3.digicert.com/DigiCertECCExtendedValidationServerCA.crl, URI:http://crl4.digicert.com/DigiCertECCExtendedValidationServerCA.crl X509v3 Certificate Policies: Policy: 2.16.840.1.114412.2.1 Policy: 2.23.140.1.1 Authority Information Access: OCSP - URI:http://ocsp.digicert.com CA Issuers - URI:http://cacerts.digicert.com/DigiCertECCExtendedValidationServerCA.crt X509v3 Basic Constraints: critical CA:FALSE Unknown extension 1.3.6.1.4.1.11129.2.4.2 Signature Algorithm: ECDSA-SHA256 30:65:02:30:1e:1b:3d:10:9a:50:23:2e:e6:86:11:13:46:a8: 1d:e8:63:f8:2f:60:96:43:49:0a:49:30:73:55:f8:25:63:1d: 46:59:da:a9:4b:98:68:99:3d:50:a8:c4:fc:52:0f:e3:02:31: 00:d2:64:cc:ad:f8:92:b6:6b:fe:b7:a9:4e:8c:06:3b:fb:d3: 08:9f:d9:04:10:80:b9:52:97:0a:14:24:a4:5a:8a:d7:27:3c: 1e:86:cb:b7:a8:be:c3:c0:98:fa:4a:91:ae ``` # Installation ``` go get -u github.com/henrydcase/tlshandshake/... ``` # Dependencies We use ``trs`` library, a fork of Cloudflare's ``tls-tris`` library, which supports TLSv1.3 and number of experimental features. # License See LICENSE file