Features

Supported Protocols

Internet Key Exchange (IKE)

Secure Shell (SSH)

Secure Sockets Layer (SSL)

Transport Layer Security (TLS)

Domain Name System (DNS)

  • DNSSEC (Domain Name System Security Extensions)

Protocol Specific Features

Internet Key Exchange (IKE)

  • protocol versions

Hypertext Transfer Protocol (HTTP)

  1. supports header wire format parsing

  2. supports detailed parsing of generic headers (Content-Type, NEL (Network Error Logging), Server, Set-Cookie)

  3. supports detailed parsing of caching headers (Age, Cache-Control, Date, ETag, Expires, Last-Modified, Pragma)

  4. supports detailed parsing of security headers (Content Security Policy (CSP), Content-Security-Policy-Report-Only, Expect-CT, Expect-Staple, HTTP Public Key Pinning (HPKP), Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection)

Transport Layer Security (TLS)

Only features that cannot be implemented, or can be implemented only with difficulty, using some of the most popular SSL/TLS implementations (e.g. GnuTLS, LibreSSL, OpenSSL, wolfSSL, …) are listed.

  • generic

    1. supports Generate Random Extensions And Sustain Extensibility (GREASE) values for

      • protocol version

      • extension type

      • cipher suite

      • signature algorithms

      • named group

    2. supports easy JA3 fingerprint generation

  • protocol versions

    1. supports not only the final versions, but also draft versions

  • cipher suites

    1. supports each cipher suite discussed on ciphersuite.info

    2. supports GOST (national standards of the Russian Federation and CIS countries) cipher suites

    3. supports ShangMi (SM) (national standards of China) cipher suites

  • application layer

    • supports TLS handshake-related MySQL messages

    • supports TLS handshake-related OpenVPN messages

    • supports TLS handshake-related PostgreSQL messages

    • supports TLS handshake-related RDP messages

Secure Shell (SSH)

  • cipher suites

    1. identifies as many encryption algorithms as possible (more than 200, compared to 70+ currently supported by OpenSSH)

    2. supports HASSH fingerprint calculation

  • public keys

    1. supports host keys, certificates (both V00 and V01), X.509 certificates and chains

Domain Name System (DNS)