A TLS server using a vendored fork of the Go TLS stack that has renegotation indication extension forcibly disabled.# What is this?
This is a TLS server using a vendored fork of the Go TLS stack that has renegotation indication extension forcibly disabled, which will trigger CVE-2009-3555 mitigations in OpenSSL 3.0+. Note that it isn't truly vulnerable to CVE-2009-3555 because the Go TLS stack doesn't allow renegotiations at all.
The function of this program is to act as a test server for TLS clients that refuse to connect to servers with insecure client renegotiation configurations, like OpenSSL 3.0+ without the SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION option.
[4.0K] /data/pocs/bde2008135d300e577b57cda6e8fc8f3458afee8
├── [ 162] go.mod
├── [ 627] go.sum
├── [2.2K] main.go
├── [ 556] README.md
└── [4.0K] tls
├── [3.9K] alert.go
├── [9.8K] auth.go
├── [ 24K] cipher_suites.go
├── [ 53K] common.go
├── [3.3K] common_string.go
├── [ 46K] conn.go
├── [4.8K] generate_cert.go
├── [ 30K] handshake_client.go
├── [ 20K] handshake_client_tls13.go
├── [ 45K] handshake_messages.go
├── [ 24K] handshake_server.go
├── [ 25K] handshake_server_tls13.go
├── [ 12K] key_agreement.go
├── [5.9K] key_schedule.go
├── [1.4K] LICENSE
├── [8.4K] prf.go
├── [5.2K] ticket.go
└── [ 12K] tls.go
1 directory, 22 files