Future possible additions, modulo time.
- Figure out if dh512 can work, seems it gets rejeted by OpenSSL on the server-side before it can be offered to the client?
- SSL 3.0, if a sufficiently old enough OpenSSL can be found.
- Further tests for clients
- Post-SASL tests. Going past authentication would require measures to prevent sending spam or abuse, etc.
- Pointed at s2s port.
- Combinations of normal TCP binding, Direct TLS, BOSH, WebSocket…
- Multiple SRV records pointing at various combinations of the simpler tests.
- DNSSEC
- Outright bogus DNSSEC
- Expired DNSSEC
- SRV record pointing at the root zone (
.) mixed into other SRV records - Only “export” ciphers
- Document success/failure conditions
- Emoji to show c2s vs s2s?