Architecture

The diagram below illustrates the general architecture of TLS-Anvil, highlighting the different phases executed during a test run.
These phases are explained in detail in our USENIX Security Paper, Section 4.1.

TLS-Anvil Architecture

TLS-Anvil is implemented in Java and leverages several key libraries:

JUnit 5 – Testing engine. TLS-Anvil extensively uses JUnit's extension system.
TLS-Attacker – Core TLS stack.
TLS-Scanner – Scanner based on TLS-Attacker, used for feature extraction.
coffee4j – Library for combinatorial testing.

Key Concepts

Every test template ⓘ represents a JUnit test function augmented with Java annotations that define an IPM ⓘ.
Most importantly, these annotations enable the TLS-Anvil test lifecycle, which manages TLS message exchanges with the System Under Test (SUT).

TLS-Anvil Modules

TLS-Anvil is organized into two Java modules:

TLS-Testsuite:
The main module containing all test templates.
These templates reside in the de.rub.nds.tlstest.suite.tests package, further subdivided into:
- server tests
- client tests
- Tests applicable to both peers
  Inside these, tests are organized by relevant RFCs.
TLS-Test-Framework:
This module contains all JUnit extensions and the core test execution logic.

See the next chapter for an example test template and instructions on adding new templates.

Code-related Information​

Key Concepts​

TLS-Anvil Modules​

Code-related Information

Key Concepts

TLS-Anvil Modules