Features¶
Supported Protocols¶
Secure Shell (SSH)¶
Secure Socket Layer (SSL)¶
Transport Layer Security (TLS)¶
Domain Name System (DNS)¶
DNSSEC (Domain Name System Security Extensions)
Protocol Specific Features¶
Hypertext Transfer Protocol (HTTP)¶
supports header wire format parsing
supports detailed parsing of generic headers (Content-Type, NEL (Network Error Logging), Server, Set-Cookie)
supports detailed parsing of caching headers (Age, Cache-Control, Date, ETag, Expires, Last-Modified, Pragma)
supports detailed parsing of security headers (Content Security Policy (CSP), Content-Security-Policy-Report-Only, Expect-CT, Expect-Staple, HTTP Public Key Pinning (HPKP), Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection)
Transport Layer Security (TLS)¶
Only features that cannot be or difficultly implemented by some of the most popular SSL/TLS implementations (eg: GnuTls, LibreSSL, OpenSSL, wolfSSL, …) are listed.
generic
supports Generate Random Extensions And Sustain Extensibility (GREASE) values for
protocol version
extension type
ciphers suite
signature algorithms
named group
supports easy JA3 fingerprint generation
protocol versions
support not only the final, but also draft versions
cipher suites
supports each cipher suites discussed on ciphersuite.info
supports GOST (national standards of the Russian Federation and CIS countries) cipher suites
application layer
supports TLS handshake-related MySQL messages
supports TLS handshake-related OpenVPN messages
supports TLS handshake-related PostgreSQL messages
supports TLS handshake-related `RDP <https://en.wikipedia.org/wiki/Remote_Desktop_Protocol`__ messages
Secure Shell (SSH)¶
cipher suites
identifies as much encryption algorithms as possible (more than 200, compared to 70+ currently supported by OpenSSH)
supports HASSH fingerprint calculation
public keys
supports host keys, cretificates (both
V00
andV01
), X.509 certificates and chains
Domain Name System (DNS)¶
e-mail authentication, reporting
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Sender Policy Framework (SPF)
SMTP MTA Strict Transport Security (MTA-STS)
SMTP TLS Reporting (TLSRPT)
DNSSEC (Domain Name System Security Extensions)