Skip to content

Commit

Permalink
TODO: 13.3 Defeat TLS fingerprinting
Browse files Browse the repository at this point in the history
Closes curl#8119
  • Loading branch information
bagder committed Dec 11, 2021
1 parent 39a9de3 commit da97316
Showing 1 changed file with 11 additions and 2 deletions.
13 changes: 11 additions & 2 deletions docs/TODO
Original file line number Diff line number Diff line change
@@ -110,9 +110,10 @@
12. FILE
12.1 Directory listing for FILE:

13. SSL
13. TLS
13.1 TLS-PSK with OpenSSL
13.2 Provide mutex locking API
13.3 Defeat TLS fingerprinting
13.4 Cache/share OpenSSL contexts
13.5 Export session ids
13.6 Provide callback for cert verification
@@ -755,7 +756,7 @@
output should probably be the same as/similar to FTP.


13. SSL
13. TLS

13.1 TLS-PSK with OpenSSL

@@ -772,6 +773,14 @@
library, so that the same application code can use mutex-locking
independently of OpenSSL or GnutTLS being used.

13.3 Defeat TLS fingerprinting

By changing the order of TLS extensions provided in the TLS handshake, it is
sometimes possible to circumvent TLS fingerprinting by servers. The TLS
extension order is of course not the only way to fingerprint a client.

See https://github.com/curl/curl/issues/8119

13.4 Cache/share OpenSSL contexts

"Look at SSL cafile - quick traces look to me like these are done on every

0 comments on commit da97316

Please sign in to comment.