TLS clients testing

Quality assuarance, reliability, fault tolerance are of major concern for developers of security protocols. Authors of specifications for those protocols take responsible approach to specification development and undertake significant efforts to study potential attacks and minimize the risk of effective exploits. Therefore it is vitally important for an implementation to conform to the corresponding protocol specification, especially in the context of error prcessing in inbound meesages or sequence of messages since such kinds of errors are the major facility for implementation of attacks against protocol implementations.
Testing is one of the primary tools for evaluation whether an implementation conforms to the specification. This paper continues the series of other publications of the authors dedicated to specification-based conformance testing for Internet security protocols. The paper presents a test suite for conformance testing of TLS protocol clients. The test suite is based on UniTESK technology of test construction and JavaTESK toolkit that implements the technology. The attacking inputs are constructed using mutation testing, building malformed test packets from correct originals following specific rules called "mutation operators". We developed mutation operators for a number of primary data types used in the formal model of the protocol. The approach was applied to a number of open-source well-known implementations of TLS. The approach proved to be feasible: a number of deviations from protocol specification and other errors were identified in all selected implementations of the protocol.