We want #MoreCrypto on the net. We want developers to add dTLS and TLS to their applications. But it’s not easy. When testing, it’s a quick thing to test the success case – but setting up tests for failure cases is not easy. It is really, really important to check these and see how your application react to all kinds of issues – from bad certificates to weak crypto. TLS-O-MATIC helps you.

The SIP TLS-O-MATIC at SIPit was the starting point

TLS-o-matic started as a series of SIP – IP telephony – protocol tests at the SIPit test events. After a while, the idea of making these available for application developers using HTTP grew, and for a talk Daniel Stenberg and I brushed off the idea and started creating a series of tests for web browsers and the Curl and libCURL users.

This site will grow slowly, but the first batch of tests are already available. If you want, you can check them out on GITHUB – https://github.com/edvinanet/tls-o-matic

Why publish everything?

In the repository on github you will find everything – including the scripts that we use to create the private keys. This is so you can fork the project and set it up yourself. You should be able to review everything and test. By doing this, there is of course no security in our certificate authority. We don’t accept any liability should you use it for anything else. It’s a very insecure certificate authority, but a good example to use for testing and training. If you do, let us know. And if you come up with cool new tests – why not contribute back?

This will be interesting!

/Olle E. Johansson
oej (at) edvina.net