Skip to content

draftr-js/mint

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

265 Commits
bin
bin
 
 
syntax
syntax
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
alert.go
alert.go
 
 
alert_test.go
alert_test.go
 
 
common.go
common.go
 
 
common_test.go
common_test.go
 
 
conn.go
conn.go
 
 
conn_test.go
conn_test.go
 
 
crypto.go
crypto.go
 
 
crypto_test.go
crypto_test.go
 
 
extensions.go
extensions.go
 
 
extensions_test.go
extensions_test.go
 
 
ffdhe.go
ffdhe.go
 
 
fuzz_test.go
fuzz_test.go
 
 
handshake-layer.go
handshake-layer.go
 
 
handshake-layer_test.go
handshake-layer_test.go
 
 
handshake-messages.go
handshake-messages.go
 
 
handshake-messages_test.go
handshake-messages_test.go
 
 
handshake.go
handshake.go
 
 
log.go
log.go
 
 
log_test.go
log_test.go
 
 
mint.svg
mint.svg
 
 
negotiation.go
negotiation.go
 
 
negotiation_test.go
negotiation_test.go
 
 
record-layer.go
record-layer.go
 
 
record-layer_test.go
record-layer_test.go
 
 
tls.go
tls.go
 
 
tls_test.go
tls_test.go
 
 

Repository files navigation

A lock with a mint leaf

mint - A Minimal TLS 1.3 stack

Build Status

This project is primarily a learning effort for me to understand the TLS 1.3 protocol. The goal is to arrive at a pretty complete implementation of TLS 1.3, with minimal, elegant code that demonstrates how things work. Testing is a priority to ensure correctness, but otherwise, the quality of the software engineering might not be at a level where it makes sense to integrate this with other libraries. Backward compatibility is not an objective.

We borrow liberally from the Go TLS library, especially where TLS 1.3 aligns with earlier TLS versions. However, unnecessary parts will be ruthlessly cut off.

Quickstart

Installation is the same as for any other Go package:

go get github.com/bifurcation/mint

The API is pretty much the same as for the TLS module, with Dial and Listen methods wrapping the underlying socket APIs.

conn, err := mint.Dial("tcp", "localhost:4430", &mint.Config{...})
...
listener, err := mint.Listen("tcp", "localhost:4430", &mint.Config{...})

Documentation is available on godoc.org

Interoperability testing

The mint-client and mint-server executables are included to make it easy to do basic interoperability tests with other TLS 1.3 implementations. The steps for testing against NSS are as follows.

# Install mint
go get github.com/bifurcation/mint

# Environment for NSS
NSS_ROOT=<whereever you want to put NSS>
export USE_64=1
export ENABLE_TLS_1_3=1
export DYLD_LIBRARY_PATH=dist/$PLATFORM/lib
export LD_LIBRARY_PATH=dist/$PLATFORM/lib
export HOST=localhost
# You can just copy this once NSS builds
export PLATFORM=$(uname -s)$(uname -r | cut -f 1-2 -d . -)_$(uname -m)_${CC:-cc}_glibc_PTH_64_$([ -n "$BUILD_OPT" ] && echo OPT || echo DBG).OBJ

# Build NSS
hg clone https://hg.mozilla.org/projects/nss
hg clone https://hg.mozilla.org/projects/nspr
cd nss
make nss_build_all

# Run NSS tests (this creates data for the server to use)
cd tests/ssl_gtests
./ssl_gtests.sh

# Test with client=mint server=NSS
cd $NSS_ROOT
dist/$PLATFORM/bin/selfserv -d tests_results/security/$HOST/ssl_gtests/ -n rsa -p 4430
# ...
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-client/main.go

# Test with client=NSS server=mint
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-server/main.go
# ...
cd $NSS_ROOT
dist/$PLATFORM/bin/tstclnt -d tests_results/security/$HOST/ssl_gtests/ -V tls1.3:tls1.3 -h 127.0.0.1 -p 4430 -o

About

A Minimal TLS 1.3 Implementation in Go

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%