Overview
A project demonstrating the complexity of a TLS implementation. Done for a Cloud and Network Security course.
Written in Rust.
Features
- Key exchange
- ChaCha20-Poly1305 as a symmetric algorithm and cipher suite
- Handshake process
- Decryption of application data content
- All the necessary extensions implemented
- Tested against both cloudflare.com and google.com
Certificate Validation
- Domain validation: Checks both Common Name and Subject Alternative Names (including wildcards)
- Expiration check: Verifies the certificate is currently valid
- Chain verification: PARTIALLY fulfilled - checks the chain structure but does not verify it against a trusted root store, so it does not confirm that the root belongs to a legitimate CA
- Revocation check: Not implemented
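
The wildcard handling in the domain validation step is where hostname checks most often go wrong, so here is an added sketch of it (not this project's code). The function names are hypothetical and the inputs are assumed to be name strings already extracted from the leaf certificate. It follows RFC 6125 in consulting the Common Name only when no SAN is present, which may differ from how this project combines the two.

```rust
// Added example (not the project's code): hostname matching for the
// "Domain validation" check. Function names are hypothetical.
use std::net::IpAddr;

/// True if `pattern` (a dNSName SAN or the CN) covers `host`.
fn name_matches(pattern: &str, host: &str) -> bool {
    // DNS names compare case-insensitively; ignore a trailing root dot.
    let pattern = pattern.trim_end_matches('.').to_ascii_lowercase();
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    if pattern.is_empty() || host.is_empty() {
        return false;
    }
    // IP literals must be matched against iPAddress SANs, never DNS names.
    if host.parse::<IpAddr>().is_ok() {
        return false;
    }
    match pattern.strip_prefix("*.") {
        // No leading wildcard: exact match only. Partial wildcards such as
        // "f*.example.com" are rejected (a conservative choice).
        None => !pattern.contains('*') && pattern == host,
        Some(suffix) => {
            // Reject a second wildcard and single-label suffixes ("*.com").
            if suffix.contains('*') || !suffix.contains('.') {
                return false;
            }
            // The wildcard stands for exactly one non-empty leftmost label.
            match host.split_once('.') {
                Some((first, rest)) => !first.is_empty() && rest == suffix,
                None => false,
            }
        }
    }
}

/// SANs take precedence; the CN is a fallback only when no SAN exists.
fn cert_valid_for(host: &str, sans: &[&str], common_name: Option<&str>) -> bool {
    if !sans.is_empty() {
        return sans.iter().any(|san| name_matches(san, host));
    }
    common_name.map_or(false, |cn| name_matches(cn, host))
}

fn main() {
    // Constructed sample names, not taken from a real certificate.
    let sans = ["example.test", "*.example.test"];
    for host in ["www.example.test", "a.b.example.test", "example.test"] {
        println!("{host}: {}", cert_valid_for(host, &sans, None));
    }
}
```

A passing name check says nothing about trust on its own: without the root store verification listed as partial above, any self-issued chain can carry a matching name.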