Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
This branch is 1 commit ahead, 75 commits behind shanemhansen:master.


Failed to load latest commit information.

gossl is a go library for interfacing with the venerable openssl library. It currently provides a dropin replacement for: crypto/sha512 crypto/sha256 crypto/sha crypto/aes (the aes 128, 192, and 256 ECB mode ciphers) crypto/tls.{Listener,LoadX509KeyPair}

Also included are a couple example command line utilities for hashing files and strings. They should run as fast as an equivalant c program (sha256sum). All of the openssl context api functions there. A new BIO has been created that allows OpenSSL to treat a go net.Conn the same way it would treat a raw socket connection, pretty neat!


Make sure you have libssl-dev and libssl1.0.0 installed on your system. This is needed to link against openssl. This is a standard go package, so you should be able to just:

go install

hashfile /etc/hosts
hashstring 'something'

go install

testhttpserver -cert $somecert -key $somekey


You might ask, "why create another crypto library?".

  • OpenSSL is a well audited and tested codebase.
  • Performance
  • Access to existing plugins/engines (cryptodev, gmp, af_alg)
  • More options for parsing exotic certificates and keys (including passphrase protected)
  • More ciphers and digests supported
  • OpenSSL provides more hooks (that we don't yet expose) for fine grained control of validation.
  • All TLS/SSL versions supported. (DTLS support coming soon)
  • Works better with buggy clients/servers. (For example ab chokes on crypto/tls based servers)


  • Requires CGO
  • Nowhere as elegant as crypto/tls
  • crypto/tls will probably catch up in terms of features and performance


Expose the complete OpenSSL api as well as making interoperability between crypto/tls and gossl possible. For example, you can use gossl to parse keys and certificates that crypto/tls can't handle yet. Connections are net.Conn's Listeners are net.Listener's, hashes and digests are... well you get the point.


Go bindings to the openssl library






No releases published


No packages published


  • Go 100.0%