TLS 1.3 Client Data Sheet
Test Suite:
TLS 1.3 Client
Direction:
Client

TLS 1.3(Transport Layer Security) represents the current standard for communications privacy in the Internet. TLS is used in server and client applications ranging from web browsers to electronic banking software and e-commerce sites. As higher-level protocols often build upon it, the dependability of the underlying TLS implementation is an integral factor in the secure operation of a wide range of software products. The robustness and security of TLS software must be verified using the TLS 1.3 Client Test Suite.

Used specifications

Specification
Title
Notes
RFC2246
The TLS Protocol Version 1.0
Suite does not test TLS 1.0
RFC2595
Using TLS with IMAP, POP3 and ACAP
RFC2817
HTTP Upgrade to TLS
CONNECT method with basic authentication supported
RFC3207
SMTP Service Extension for Secure SMTP over Transport Layer Security
RFC3268
Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
RFC4279
Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
Only as anomaly
RFC4346
The Transport Layer Security (TLS) Protocol Version 1.1
Suite does not test TLS 1.1
RFC4492
Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
RFC5054
Using the Secure Remote Password (SRP) Protocol for TLS Authentication
Only as anomaly
RFC5077
Transport Layer Security (TLS) Session Resumption without Server-Side State
RFC5246
The Transport Layer Security (TLS) Protocol Version 1.2
Suite does not test TLS 1.2
RFC5487
Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode
RFC5746
Transport Layer Security (TLS) Renegotiation Indication Extension
Only as anomaly
RFC6066
Transport Layer Security (TLS) Extensions: Extension Definitions
Obsoletes RFC4366
RFC6460
Suite B Profile for Transport Layer Security (TLS)
Only as anomaly
RFC7301
Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension
RFC7685
A Transport Layer Security (TLS) ClientHello Padding Extension
Only as anomaly
RFC7919
Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
Only as anomaly
RFC7935
ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)
nextprotoneg
TLS Next Protocol Negotiation
Google Technical Note: nextprotoneg, July 2011
RFC8446
The Transport Layer Security (TLS) Protocol Version 1.3

Suite-specific information

Tested messages
Specifications
Notes
Client Hello
RFC8446
Client Certificate
RFC8446
Certificate Verify
RFC8446
Finished
RFC8446
Change Cipher Spec
RFC8446
New Session Ticket
RFC8446
Hello Retry Request
RFC8446
Client Alert
RFC8446
Next Protocol

Supported protocol features
Specifications
Notes
Transport over TCP
RFC8446
Resumption
RFC8446
Pre Shared Key
RFC8446
Note: PSK_DHE only
Early Data
RFC8446

Supported test suite features
Notes
TLS Application Data over TCP or UDP socket
X.509 RSA/DSA/ECDSA Certificates and Private Keys from file, TCP or UDP socket

Supported TLS cipher suites
Specifications
Notes
TLS_AES_128_GCM_SHA256
RFC8446
TLS_AES_256_GCM_SHA384
RFC8446
TLS_AES_128_CCM_SHA256
RFC8446
TLS_AES_128_CCM_8_SHA256
RFC8446
TLS_CHACHA20_POLY1305
RFC8446

Supported Named Groups
Specifications
Notes
secp256r1
RFC5480
ECDHE Groups
secp384r1
RFC5480
ECDHE Groups
secp521r1
RFC5480
ECDHE Groups
ffdhe2048
RFC7919
DHE Groups
ffdhe3072
RFC7919
DHE Groups
ffdhe4096
RFC7919
DHE Groups

Supported Signature Algorithms
Specifications
Notes
rsa_pss_pss_sha256
RFC8446
ecdsa_secp256r1_sha256
RFC8446

Supported SafeGuard Checks

Authentication Bypass

Certificate Validation

Information Leakage

Insufficient Randomness

Unexpected Data

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis