-------- Features -------- Supported Protocols =================== Internet Key Exchange (IKE) --------------------------- - `ISAKMP `__ - `IKEv1 `__ - `IKEv2 `__ Secure Shell (SSH) ------------------ - `SSH 2.0 `__ Secure Socket Layer (SSL) ------------------------- - `SSL 2.0 `__ - `SSL 3.0 `__ Transport Layer Security (TLS) ------------------------------ - `TLS 1.0 `__ - `TLS 1.1 `__ - `TLS 1.2 `__ - `TLS 1.3 `__ Domain Name System (DNS) ------------------------ - `DNSSEC `__ (Domain Name System Security Extensions) Protocol Specific Features ========================== Internet Key Exchange (IKE) --------------------------- - protocol versions Hypertext Transfer Protocol (HTTP) ---------------------------------- 1. supports header wire format parsing 2. supports detailed parsing of generic headers (`Content-Type `__, `NEL `__ (Network Error Logging), `Server `__, `Set-Cookie `__) 3. supports detailed parsing of caching headers (`Age `__, `Cache-Control `__, `Date `__, `ETag `__, `Expires `__, `Last-Modified `__, `Pragma `__) 4. supports detailed parsing of security headers (`Content Security Policy `__ (CSP), `Content-Security-Policy-Report-Only `__, `Expect-CT `__, `Expect-Staple `__, `HTTP Public Key Pinning `__ (HPKP), `Referrer-Policy `__, `Strict-Transport-Security `__, `X-Content-Type-Options `__, `X-Frame-Options `__, `X-XSS-Protection `__) Transport Layer Security (TLS) ------------------------------ Only features that cannot be or difficultly implemented by some of the most popular SSL/TLS implementations (eg: `GnuTls `__, `LibreSSL `__, `OpenSSL `__, `wolfSSL `__, ...) are listed. - generic 1. supports `Generate Random Extensions And Sustain Extensibility `__ (GREASE) values for - protocol version - extension type - ciphers suite - signature algorithms - named group 2. supports easy `JA3 fingerprint `__ generation - protocol versions 1. support not only the final, but also draft versions - cipher suites 1. supports each cipher suites discussed on `ciphersuite.info `__ 2. supports `GOST `__ (national standards of the Russian Federation and CIS countries) cipher suites 3. supports `ShangMi (SM) `__ (national standards of China) cipher suites - application layer - supports TLS handshake-related `MySQL `__ messages - supports TLS handshake-related `OpenVPN `__ messages - supports TLS handshake-related `PostgreSQL `__ messages - supports TLS handshake-related `RDP `__ messages Secure Shell (SSH) ------------------ - cipher suites 1. identifies as much encryption algorithms as possible (more than 200, compared to 70+ currently supported by OpenSSH) 2. supports `HASSH fingerprint `__ calculation - public keys 1. supports host keys, certificates (both ``V00`` and ``V01``), X.509 certificates and chains Domain Name System (DNS) ------------------------ - e-mail authentication, reporting - `Domain-based Message Authentication, Reporting, and Conformance `__ (DMARC) - `Sender Policy Framework `__ (SPF) - `SMTP MTA Strict Transport Security `__ (MTA-STS) - `SMTP TLS Reporting `__ (TLSRPT) - DNSSEC (Domain Name System Security Extensions) - `DNSKEY `__ - `DS `__ - `RRSIG `__ - `SSHFP `__ (SSH host key fingerprints)