Server sends a HelloRetryRequest but fails to complete the handshake after the client sends the second ClientHello. Often caused by non-compliant TLS 1.3 implementations on shared hosting providers.
splitClientHello: boolean
Server rejects fragmented ClientHello caused by large PQ keyshare, but accepts classical (non-PQ) handshakes. Typically caused by middleboxes or firewalls that cannot reassemble split TLS ClientHello messages.
unknownKeyshare: boolean
Server cannot handle an unknown key exchange algorithm in the ClientHello keyshare extension. Compliant servers should respond with HelloRetryRequest for a supported algorithm.
host: string
The host that was tested
kex: number
TLS CurveID of the negotiated key exchange
kexName: string
Human-readable name of the key exchange algorithm
pq: boolean
Whether the negotiated key exchange uses Post-Quantum cryptography (specifically X25519MLKEM768)
