TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
First, thanks for your (continued) work on this project! It is certainly a useful contribution to the community, and one I'm hoping we can leverage for ongoing and emerging IETF standardization work.
Over in the tls-interop-runner repository, we're hoping to use TLS-Attacker as a continual regression test against TLS stacks. I ran into a couple of problems and questions trying to run the client and server, which I'll enumerate below. Any and all feedback on how we might resolve these (either in tls-interop-runner or here in TLS-Attacker) is more than welcome!
Identity management: There doesn't seem to be a way to specify a complete certificate chain to TLS-Server. This would be quite useful because it would allow us to generate certificates and their contents outside of the project and re-use them across TLS stacks. (If this is already supported, a pointer to how to use them would be greatly appreciated!)
Attack drivers: Is there documentation on how each of the implemented attacks runs, e.g., do they require multiple consecutive connections to complete, or can they run in a single connection attempt?
Attack targets: Do the attacks implemented target only servers? (I assume this is the case, but wanted to confirm).
Thank you for your interest in our project!
We are currently working on a test suite project, whose first version will hopefully be made public this year.
To address your questions:
Certificate chain is currently not supported using the parameters; we will create an internal issue.