Glossary

AEAD: Authenticated Encryption with Associated Data, a mode of operation for symmetric ciphers that processes messages and optional additional data as atomic objects: the decryption provides data only if integrity of data is verified, encryption provides ciphertext only when all the data was provided to the encryption function.
AES: Advanced Encryption Standard is a symmetric block cipher.
AES-CCM: AEAD mode of Advanced Encryption Standard (AES) that combines counter mode with the CBC-MAC algorithm. In TLS those ciphers require version 1.2 or 1.3.
AES-CCM8: AES-CCM with 8 byte long authentication tag.
AES-GCM: Advanced Encryption Standard in Galois Counter Mode is an AEAD cipher, it encrypts and authenticates data with one operation. In TLS those ciphers require version 1.2 or 1.3.
ALPN: Application Layer Protocol Negotiation is a TLS extension allowing for co-existence of multiple applications protocols on the same TCP or UDP port. Commonly used to negotiate HTTP/2 over HTTP/1.1.
CBC: Cipher Block Chaining, an encryption mode for block ciphers, used since SSLv2 until TLS 1.2.
CI: Continuous Integration is a development practice in which changes are merged to master branch, commonly after the test coverage for the project is executed.
CMAC: Cipher-based MAC
ECDHE: Implementation of Diffie-Hellman key exchange algorithm over elliptic curves.
ECDSA: Elliptic Curve Digital Signature Algorithm uses the Digital Signature Algorithm with elliptic curves instead of finite field groups. It’s an asymmetric cryptosystem, similar to RSA.
GMAC: Galois MAC, commonly used as part of the AES-GCM cipher.
HMAC: Hash-based MAC, commonly used with CBC mode ciphers in TLS before version 1.3
HSM: Hardware Security Module is usually an extension card that is tasked with secure storage of private keys. Some HSMs also provide hardware acceleration for cryptographic operations.
IETF: Internet Engineering Task Force is an organisation responsible for providing specifications of protocols used over the Internet.
IV: Initialisation Vector, a value used to influence the generated ciphertext, unlike the key, it doesn’t have to remain secret
MAC: Message Authentication Code is the generic name for data used to verify integrity of the received data. This data is called an authentication tag. There are many MACs defined: HMAC, CMAC, or GMAC.
NPN: Next Protocol Negotiation is a TLS extension allowing for use of multiple application layer protocols on the same port. Not standardised. Obsoleted by ALPN.
PKIX: Public Key Infrastructure for the Internet, described use of X.509 certificates in Internet protocols.
PRF: Pseudo-Random Function is used to sanitise random values to prepare them for use as keys in encryption. TLS 1.0 and 1.1 uses combination of MD5 and SHA1. TLS 1.2 and 1.3 use SHA-256 or SHA-384 based algorithms depending on cipher suite negotiated.
RFC: Request For Comments are standards published by Internet Engineering Task Force, an open standards organisation.
RSA: Rivest Shamir Adleman is an asymmetric cryptosystem commonly used for signing messages or encrypting keys.
SNI: Server Name Indication, also known as server_name, is a TLS extension for negotiatiating connections to “Virtual Hosts”. It allows a server to distinguish requests for different hostnames sharing a single IP address.
SSL: Secure Sockets Layer is an old cryptographic network protocol. It has orginated in Netscape in the early 1990’s. Currently replaced by TLS.
SUT: System Under Test is the device or implementation that the tests are verifying. Excludes tlsfuzzer itself or systems necessary to execute it or tlsfuzzer.
TCP: Transport Control Protocol is a stream protocol that provides reliable delivery over the Internet Protocol.
TLS: Transport Layer Security is a cryptographic network protocol defined in a series of RFC documents, newest of which is RFC8446.