The DNS Privacy Project aims to improve privacy for users on the Internet.

The project is split into different groups working on DNS privacy:

• IETF DPRIVE Working Group
• NDSS DNS Privacy Workshops

The project focuses mostly on DNS over TLS. They provide overviews for the implementation status, configuration for test servers, and ongoing server monitoring, which features they provide.

Scans a website for TLS configuration problems. It shows information about the certificate, ciphers, standard compliance, and industry best practices.

The website shows key length recommendations from different agencies, like NIST, NSA or BSI. You can either see the recommendations of one body or compare all for a specific year. The data contains values for symmetric encryption, factoring modulus, elliptic curve, and others.

Website quality measurement tool. The website measures the quality of HTTP headers which improve security. Additionally, it provides inspections for the TLS certificate and SSH servers. It also includes many third-party tools.

Create variable TLS configurations for all major web servers. It is specialized for each web server and server version. The configurations support different TLS configurations, depending on the needed support for old clients.

Test the quality of a server's or a client's SSL/TLS stack. Very useful to test a server. Provides a A-F rating scheme and shows vulnerabilities and weak protocols/cipher suites.

Simple TLS proxy.

The website shows and annotates a real TLS handshake for the website. It shows each message that is transferred and explains the values that are seen. For this, a JavaScript TLS library is used that communicates with the website. The communication is then displayed.

The website shows an example QUIC connection and displays the messages sent by client and server. The visualization contains the transferred messages and computation steps that need to be performed on each side. The visualization contains explanations of the steps, including code snippets. Each byte for the transferred messages has further annotations to it.

The website shows an example TLS 1.3 session and displays the messages sent by client and server. The visualization contains the transferred messages and computation steps that need to be performed on each side. The visualization contains explanations of the steps, including code snippets. Each byte for the transferred messages has further annotations to it.

Test the quality of a client's SSL/TLS stack. The website shows sites which should fail or pass. Bad sites, that should fail but do not, show risks in the client.

Proxy framework for performing MitM attacks/transformations. Provides a Python API for scriptability.

Test the quality of a server's TLS stack It shows the enabled TLS versions on the server, tests for available ciphers, checks the TLS handshake, looks at the HTTP security headers, and tests for known vulnerabilities.