Tunneling WireGuard over HTTPS using Wstunnel

testssl.sh's client simulation:

 text

    
 Running client simulations via sockets 

 Browser                      Protocol  Cipher Suite Name (OpenSSL)       Forward Secrecy
------------------------------------------------------------------------------------------------
 Android 7.0 (native)         No connection
 Android 8.1 (native)         No connection
 Android 9.0 (native)         No connection
 Android 10.0 (native)        No connection
 Android 11/12 (native)       No connection
 Android 13/14 (native)       No connection
 Android 15 (native)          TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Chrome 101 (Win 10)          No connection
 Chromium 137 (Win 11)        TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Firefox 100 (Win 10)         No connection
 Firefox 137 (Win 11)         TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 IE 8 Win 7                   No connection
 IE 11 Win 7                  No connection
 IE 11 Win 8.1                No connection
 IE 11 Win Phone 8.1          No connection
 IE 11 Win 10                 No connection
 Edge 15 Win 10               No connection
 Edge 101 Win 10 21H2         No connection
 Edge 133 Win 11 23H2         TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Safari 18.4 (iOS 18.4)       No connection
 Safari 15.4 (macOS 12.3.1)   No connection
 Safari 18.4 (macOS 15.4)     No connection
 Java 7u25                    No connection
 Java 8u442 (OpenJDK)         No connection
 Java 11.0.2 (OpenJDK)        No connection
 Java 17.0.3 (OpenJDK)        No connection
 Java 21.0.6 (OpenJDK)        No connection
 go 1.17.8                    No connection
 LibreSSL 3.3.6 (macOS)       No connection
 OpenSSL 1.0.2e               No connection
 OpenSSL 1.1.1d (Debian)      No connection
 OpenSSL 3.0.15 (Debian)      No connection
 OpenSSL 3.5.0 (git)          TLSv1.3   TLS_AES_128_GCM_SHA256            X25519MLKEM768
 Apple Mail (16.0)            No connection
 Thunderbird (91.9)           No connection

For me, very fresh browser and/or SSL/TLS library needed.

8 comments

It looks really interesting but the link is giving me an SSL error :/
- testssl.sh's client simulation:
  text
  
  Running client simulations via sockets Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy ------------------------------------------------------------------------------------------------ Android 7.0 (native) No connection Android 8.1 (native) No connection Android 9.0 (native) No connection Android 10.0 (native) No connection Android 11/12 (native) No connection Android 13/14 (native) No connection Android 15 (native) TLSv1.3 TLS_AES_128_GCM_SHA256 X25519MLKEM768 Chrome 101 (Win 10) No connection Chromium 137 (Win 11) TLSv1.3 TLS_AES_128_GCM_SHA256 X25519MLKEM768 Firefox 100 (Win 10) No connection Firefox 137 (Win 11) TLSv1.3 TLS_AES_128_GCM_SHA256 X25519MLKEM768 IE 8 Win 7 No connection IE 11 Win 7 No connection IE 11 Win 8.1 No connection IE 11 Win Phone 8.1 No connection IE 11 Win 10 No connection Edge 15 Win 10 No connection Edge 101 Win 10 21H2 No connection Edge 133 Win 11 23H2 TLSv1.3 TLS_AES_128_GCM_SHA256 X25519MLKEM768 Safari 18.4 (iOS 18.4) No connection Safari 15.4 (macOS 12.3.1) No connection Safari 18.4 (macOS 15.4) No connection Java 7u25 No connection Java 8u442 (OpenJDK) No connection Java 11.0.2 (OpenJDK) No connection Java 17.0.3 (OpenJDK) No connection Java 21.0.6 (OpenJDK) No connection go 1.17.8 No connection LibreSSL 3.3.6 (macOS) No connection OpenSSL 1.0.2e No connection OpenSSL 1.1.1d (Debian) No connection OpenSSL 3.0.15 (Debian) No connection OpenSSL 3.5.0 (git) TLSv1.3 TLS_AES_128_GCM_SHA256 X25519MLKEM768 Apple Mail (16.0) No connection Thunderbird (91.9) No connection
  For me, very fresh browser and/or SSL/TLS library needed.
- Same here, but saving the post just in case is solved.
  
  Does https://pq.cloudflareresearch.com/ confirm your browser is using X25519MLKEM768?
- Are you sure you're using an up to date browser? My server is using TLS 1.3 with x25519mlkem768. Most browsers should support this KEM already.
  
  I'm using the latest firefox on the latest android (just tried it on chrome from the same phone and it loads fine)