Skip to content

tls-attacker/TLS-Anvil

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

846 Commits

.github

.github

 
 

Docs

Docs

 
 

TLS-Test-Framework

TLS-Test-Framework

 
 

TLS-Testsuite

TLS-Testsuite

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

Dockerfile

Dockerfile

 
 

Jenkinsfile

Jenkinsfile

 
 

README.md

README.md

 
 

build.sh

build.sh

 
 

pom.xml

pom.xml

 
 

Repository files navigation

TLS-Anvil

TLS-Anvil is a test suite for the evaluation of RFC compliance of Transport Layer Security (TLS) libraries using combinatorial testing (CT).

Have a look at our docs (https://tls-anvil.com) to learn more about the project.

The test suite contains around 408 client and server tests for (D)TLS 1.2 and TLS 1.3 based on the following RFCs:

  • RFC 4492 - Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
  • RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2
  • RFC 6066 - Transport Layer Security (TLS) Extensions: Extension Definitions
  • RFC 6176 - Prohibiting Secure Sockets Layer (SSL) Version 2.0
  • RFC 7366 - Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
  • RFC 7457 - Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)
  • RFC 7465 - Prohibiting RC4 Cipher Suites
  • RFC 7507 - TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks
  • RFC 7568 - Deprecating Secure Sockets Layer Version 3.0
  • RFC 7685 - A Transport Layer Security (TLS) ClientHello Padding Extension
  • RFC 7919 - Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)
  • RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
  • RFC 8701 - Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility
  • RFC 6347 - Datagram Transport Layer Security Version 1.2 (Experimental)

Project Structure

  • TLS-Testsuite: Contains the test templates
  • TLS-Test-Framework: Aggregator that combines coffee4j and implements JUnit extensions, annotations and the API for modeling tests for the TLS protocol

Build and Run

To build this project from scratch, we included all the dependencies on maven central and a Dockerfile that compiles everything in the correct order. You only need clone the repository and execute the build.sh script.

Alternatively you can use the prebuilt Docker image that is available as GitHub package.

docker run --rm -it ghcr.io/tls-attacker/tlsanvil -help

Graphical Result Analysis

To analyze the results, we provide a tool called Anvil Web which provides a graphical user interface. Please refer to the Anvil Web repository for information regarding the setup.

To get your results into Anvil Web you have to put them in a zip-file, with the report.json being in the root of the zip. Then click Upload Test in the interface and select your created file.

Acknowledgements

The foundation of TLS-Anvil was developed as part of the master's thesis Development and Evaluation of a TLS-Testsuite by Philipp Nieting at Ruhr University Bochum in cooperation with the TÜV Informationstechnik GmbH.

About

TLS-Anvil, a fully automated TLS testsuite for client and servers.

tls-anvil.com

Topics

tls ssl security test-suite combinatorial-testing

Resources

Readme
Activity
Custom properties

Stars

86 stars

Watchers

10 watching

Forks

8 forks
Report repository

Releases 10

v1.2.9 Latest
Feb 19, 2024
+ 9 releases

Packages 5

 
 
 
+ 2 packages

Contributors 11

Languages