TLS1.3 Server Data Sheet
Test Suite:
TLS1.3 Server
Direction:
Server

TLS (Transport Layer Security) represents the current standard for communications privacy in the Internet. TLS is used in server and client applications ranging from web browsers to electronic banking software and e-commerce sites. As higher-level protocols often build upon it, the dependability of the underlying TLS implementation is an integral factor in the secure operation of a wide range of software products. The robustness and security of TLS software must be verified using the TLS Server Test Suite.

Used specifications

Specification
Title
RFC2246

The TLS Protocol Version 1.0

RFC2595

Using TLS with IMAP, POP3 and ACAP

RFC2817

HTTP Upgrade to TLS

RFC3207

SMTP Service Extension for Secure SMTP over Transport Layer Security

RFC3268

Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)

RFC4279

Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)

RFC4346

The Transport Layer Security (TLS) Protocol Version 1.1

RFC4492

Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)

RFC5054

Using the Secure Remote Password (SRP) Protocol for TLS Authentication

RFC5077

Transport Layer Security (TLS) Session Resumption without Server-Side State

RFC5246

The Transport Layer Security (TLS) Protocol Version 1.2

RFC5487

Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode

RFC5746

Transport Layer Security (TLS) Renegotiation Indication Extension

RFC6066

Transport Layer Security (TLS) Extensions: Extension Definitions

RFC6460

Suite B Profile for Transport Layer Security (TLS)

RFC7301

Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension

RFC7919

Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)

RFC7935

ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS)

nextprotoneg

TLS Next Protocol Negotiation

RFC8446

The Transport Layer Security (TLS) Protocol Version 1.3

Tool-specific information

Tested messages
Specifications
Notes
Client Hello
rfc8446
Client Certificate
rfc8446
Certificate Verify
rfc8446
Finished
rfc8446
Change Cipher Spec
rfc8446
New Session Ticket
rfc8446
Hello Retry Request
rfc8446
Client Alert
rfc8446
Next Protocol

Supported protocol features
Specifications
Notes
Transport over TCP
rfc8446
Resumption
rfc8446
Pre Shared Key
rfc8446
Note: PSK_DHE only
Early Data
rfc8446

Supported test suite features
Notes
TLS Application Data over TCP or UDP socket
X.509 RSA/DSA/ECDSA Certificates and Private Keys from file, TCP or UDP socket

Supported TLS cipher suites
Specifications
Notes
TLS_AES_128_GCM_SHA256
rfc8446
TLS_AES_256_GCM_SHA384
rfc8446
TLS_AES_128_CCM_SHA256
rfc8446
TLS_AES_128_CCM_8_SHA256
rfc8446
TLS_CHACHA20_POLY1305
rfc8446

Supported Named Groups
Specifications
Notes
secp256r1
RFC5480
ECDHE Groups
secp3841
RFC5480
ECDHE Groups
secp521r1
RFC5480
ECDHE Groups
ffdhe2048
RFC7919
DHE Groups
ffdhe3072
RFC7919
DHE Groups
ffdhe4096
RFC7919
DHE Groups

Supported Signature Algorithms
Specifications
Notes
rsa_pss_pss_sha256
rfc8446
ecdsa_secp256r1_sha256
rfc8446

Supported SafeGuard Checks

Authentication Bypass

Certificate Validation

Information Leakage

Insufficient Randomness

Unexpected Data

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis