TODO: 13.3 Defeat TLS fingerprinting

Closes #8119
2021-12-11 22:30:27 +01:00 · 2021-12-11 22:30:27 +01:00 · da97316596
commit da97316596
parent 39a9de3cec
1 changed files with 11 additions and 2 deletions
--- a/docs/TODO
+++ b/docs/TODO
@ -110,9 +110,10 @@
 12. FILE
 12.1 Directory listing for FILE:

- 13. SSL
+ 13. TLS
 13.1 TLS-PSK with OpenSSL
 13.2 Provide mutex locking API
+ 13.3 Defeat TLS fingerprinting
 13.4 Cache/share OpenSSL contexts
 13.5 Export session ids
 13.6 Provide callback for cert verification
@ -755,7 +756,7 @@
 output should probably be the same as/similar to FTP.


-13. SSL
+13. TLS

 13.1 TLS-PSK with OpenSSL

@ -772,6 +773,14 @@
 library, so that the same application code can use mutex-locking
 independently of OpenSSL or GnutTLS being used.

+13.3 Defeat TLS fingerprinting
+
+ By changing the order of TLS extensions provided in the TLS handshake, it is
+ sometimes possible to circumvent TLS fingerprinting by servers. The TLS
+ extension order is of course not the only way to fingerprint a client.
+
+ See https://github.com/curl/curl/issues/8119
+
 13.4 Cache/share OpenSSL contexts

 "Look at SSL cafile - quick traces look to me like these are done on every