Future possible additions, modulo time.

  • TLS 1.3 test
    • Waiting for a certificate
    Supports only TLS 1.3. TODO
  • Figure out if dh512 can work, seems it gets rejeted by OpenSSL on the server-side before it can be offered to the client?
  • Test that rejects the <starttls/> with <failure/>
  • Tests for clients
    • Needs to ensure that it can’t be used for spam. Either separate hosts or some plugin that prevents resource binding or otherwise restricts what can be done after connecting.
  • Multiple SRV records pointing at various combinations of the simpler tests.