TLS handshake implementations are often difficult to comprehensively test. This is in part due to the complexity of the X.509 certificate specification and its influence on relationships between certificates (for example, tests should check for “cA” in Basic Constraints before verifying relevant certificate authority signatures, and should also test that all certificates are currently valid). Even when the TLS protocol seems to be implemented correctly, subtle vulnerabilities in certificate validation can still occur and may only appear in edge cases. Contributing factors include incomplete implementation of the X.509 specification, relative weakness of cybersecurity as a part of the software development lifecycle, and the traditional software development perspective that certificate generation is an uncommon procedure (in contrast to DevOps, microservices, or certificate-rotation based strategies).