Future possible additions, modulo time.

  • Figure out if dh512 can work; it seems to get rejected by OpenSSL on the server side before it can be offered to the client?
  • SSL 3.0, if a sufficiently old OpenSSL can be found.
  • Further tests for clients
    • Post-SASL tests. Going past authentication would require measures to prevent sending spam or abuse, etc.
    • Pointed at s2s port.
  • Combinations of normal TCP binding, Direct TLS, BOSH, WebSocket…
  • Multiple SRV records pointing at various combinations of the simpler tests.
    • Outright bogus DNSSEC
    • Expired DNSSEC
  • SRV record pointing at the root zone (.) mixed into other SRV records
  • Only “export” ciphers
  • Document success/failure conditions
  • Emoji to show c2s vs s2s?