author Daniel Stenberg <daniel@haxx.se> 2021-12-11 22:30:27 +0100
committer Daniel Stenberg <daniel@haxx.se> 2021-12-11 22:30:27 +0100
commit da973165965962a435a23ade336d9a17daf044ef
tree dd8c44b0bedc948a070945dd20deec5ddcd878cc
parent 39a9de3cec33046139d3574d6314802beceb7ce9
TODO: 13.3 Defeat TLS fingerprinting
Closes #8119
-rw-r--r-- docs/TODO 13
1 files changed, 11 insertions, 2 deletions
diff --git a/docs/TODO b/docs/TODO
index 11fe01db6..f9052c7be 100644
--- a/docs/TODO
+++ b/docs/TODO
@@ -110,9 +110,10 @@
12. FILE
12.1 Directory listing for FILE:
- 13. SSL
+ 13. TLS
13.1 TLS-PSK with OpenSSL
13.2 Provide mutex locking API
+ 13.3 Defeat TLS fingerprinting
13.4 Cache/share OpenSSL contexts
13.5 Export session ids
13.6 Provide callback for cert verification
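Review bot: the heading rename from "13. SSL" to "13. TLS" at the top of this hunk is not mentioned in the commit message, which names only the new 13.3 entry. Either mention the rename in the commit message or move it to its own commit, so the heading change can be found in the history without reading the diff.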
@@ -755,7 +756,7 @@
output should probably be the same as/similar to FTP.
-13. SSL
+13. TLS
13.1 TLS-PSK with OpenSSL
@@ -772,6 +773,14 @@
library, so that the same application code can use mutex-locking
independently of OpenSSL or GnutTLS being used.
+13.3 Defeat TLS fingerprinting
+
+ By changing the order of TLS extensions provided in the TLS handshake, it is
+ sometimes possible to circumvent TLS fingerprinting by servers. The TLS
+ extension order is of course not the only way to fingerprint a client.
+
+ See https://github.com/curl/curl/issues/8119
+
13.4 Cache/share OpenSSL contexts
"Look at SSL cafile - quick traces look to me like these are done on every
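Review bot: the new 13.3 text describes an observation but never states the work item, so a reader cannot tell what curl is supposed to gain (an option, a default change, or backend-specific support). The heading "Defeat TLS fingerprinting" also claims more than the body supports, since the body itself says "The TLS extension order is of course not the only way to fingerprint a client"; a heading scoped to extension order would match the text. Separately, the unchanged context line above the addition reads "GnutTLS", which looks like a typo for GnuTLS and could be fixed in a follow-up.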