# Intro

``tlshandshake`` is a tool which can be used for troubleshooting and benchmarking TLS handshake. It is written in GoLang.

# Usage

Example:

```
> go run cmd/tlshandshake/tlshandshake.go -tls_min 1.2 -tls_max 1.3 -groups X25519-SIDHp503 pqcrypto.uk
| TLS-Session:
-----------------------------------------------------------------
    Protocol              : 1.3
    Cipher                : TLS_AES_128_GCM_SHA256
    Negotiated Group      : X25519-SIDHp503
    Connection ID         : d0129f4dea986b72
    SCTs                  : []
    Connection resumed    : FALSE
    EMS used              : FALSE
    Stapled OCSP response : 308201350a0100a082012e3082012a06092b0601...

| Connection:
-----------------------------------------------------------------
    Local address       : 10.0.1.242:51536
    Remote address      : 198.41.214.162:443

| Server Certificates:
-----------------------------------------------------------------

Depth      : 0
Issuer     : CN=DigiCert ECC Extended Validation Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13836083707412516537413894398330316720 (0xa68bb984a507399f4716e809a44a7b0)
    Signature Algorithm: ECDSA-SHA256
        Issuer: C=US,O=DigiCert Inc,OU=www.digicert.com,CN=DigiCert ECC Extended Validation Server CA
        Validity
            Not Before: Oct 30 00:00:00 2018 UTC
            Not After : Nov 3 12:00:00 2020 UTC
        Subject: UnknownOID=2.5.4.15,UnknownOID=1.3.6.1.4.1.311.60.2.1.3,UnknownOID=1.3.6.1.4.1.311.60.2.1.2,UnknownOID=2.5.4.5,C=US,ST=California,UnknownOID=2.5.4.7,O=Cloudflare, Inc.,CN=cloudflare.com
        Subject Public Key Info:
            Public Key Algorithm: ECDSA
                Public-Key: (256 bit)
                X:
                    ce:d7:61:49:49:fd:4b:35:8b:1b:86:bc:a3:c5:bc:
                    d8:20:6e:31:17:2d:92:8a:b7:34:f4:db:11:70:4e:
                    49:16
                Y:
                    61:fc:ae:fa:7f:ba:6f:0c:05:53:74:c6:79:7f:81:
                    12:8a:f7:e2:5e:6c:f5:fa:10:69:6b:67:d9:d5:96:
                    51:b0
                Curve: P-256
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:F8:25:D9:A6:39:C7:C3:81:87:25:3E:30:54:91:18:21:40:9B:17:9D
            X509v3 Subject Key Identifier:
                DE:7F:7F:E6:7C:ED:ED:61:43:60:47:67:5D:86:2F:84:FD:A6:78:AD
            X509v3 Subject Alternative Name:
                DNS:cloudflare.com, DNS:www.cloudflare.com
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl3.digicert.com/DigiCertECCExtendedValidationServerCA.crl, URI:http://crl4.digicert.com/DigiCertECCExtendedValidationServerCA.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.2.1
                Policy: 2.23.140.1.1
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertECCExtendedValidationServerCA.crt

            X509v3 Basic Constraints: critical
                CA:FALSE
            Unknown extension 1.3.6.1.4.1.11129.2.4.2

    Signature Algorithm: ECDSA-SHA256
         30:65:02:30:1e:1b:3d:10:9a:50:23:2e:e6:86:11:13:46:a8:
         1d:e8:63:f8:2f:60:96:43:49:0a:49:30:73:55:f8:25:63:1d:
         46:59:da:a9:4b:98:68:99:3d:50:a8:c4:fc:52:0f:e3:02:31:
         00:d2:64:cc:ad:f8:92:b6:6b:fe:b7:a9:4e:8c:06:3b:fb:d3:
         08:9f:d9:04:10:80:b9:52:97:0a:14:24:a4:5a:8a:d7:27:3c:
         1e:86:cb:b7:a8:be:c3:c0:98:fa:4a:91:ae

```

# Installation

```
go get -u github.com/henrydcase/tlshandshake/...
```

# Dependencies

We use [``th5``](https://github.com/henrydcase/th5) library.

# License

See LICENSE file