Features

Supported Protocols

Internet Key Exchange (IKE)

• ISAKMP

• IKEv1

• IKEv2

Secure Shell (SSH)

• SSH 2.0

Secure Socket Layer (SSL)

• SSL 2.0

• SSL 3.0

Transport Layer Security (TLS)

• TLS 1.0

• TLS 1.1

• TLS 1.2

• TLS 1.3

Domain Name System (DNS)

• DNSSEC (Domain Name System Security Extensions)

Protocol Specific Features

Internet Key Exchange (IKE)

• protocol versions

Hypertext Transfer Protocol (HTTP)

1. supports header wire format parsing

2. supports detailed parsing of generic headers (Content-Type, NEL (Network Error Logging), Server, Set-Cookie)

3. supports detailed parsing of caching headers (Age, Cache-Control, Date, ETag, Expires, Last-Modified, Pragma)

4. supports detailed parsing of security headers (Content Security Policy (CSP), Content-Security-Policy-Report-Only, Expect-CT, Expect-Staple, HTTP Public Key Pinning (HPKP), Referrer-Policy, Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection)

Transport Layer Security (TLS)

Only features that cannot be or difficultly implemented by some of the most popular SSL/TLS implementations (eg: GnuTls, LibreSSL, OpenSSL, wolfSSL, …) are listed.

• generic

  1. supports Generate Random Extensions And Sustain Extensibility (GREASE) values for

     • protocol version

     • extension type

     • ciphers suite

     • signature algorithms

     • named group

  2. supports easy JA3 fingerprint generation

• protocol versions

  1. support not only the final, but also draft versions

• cipher suites

  1. supports each cipher suites discussed on ciphersuite.info

  2. supports GOST (national standards of the Russian Federation and CIS countries) cipher suites

• application layer

  • supports TLS handshake-related MySQL messages

  • supports TLS handshake-related OpenVPN messages

  • supports TLS handshake-related PostgreSQL messages

  • supports TLS handshake-related RDP messages

Secure Shell (SSH)

• cipher suites

  1. identifies as much encryption algorithms as possible (more than 200, compared to 70+ currently supported by OpenSSH)

  2. supports HASSH fingerprint calculation

• public keys

  1. supports host keys, certificates (both V00 and V01), X.509 certificates and chains

Domain Name System (DNS)

• e-mail authentication, reporting

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

  • Sender Policy Framework (SPF)

  • SMTP MTA Strict Transport Security (MTA-STS)

  • SMTP TLS Reporting (TLSRPT)

• DNSSEC (Domain Name System Security Extensions)

  • DNSKEY

  • DS

  • RRSIG