Mozilla's NSS library with TLS-N implementation.
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

TLS-N implementation for NSS

This is the prototype TLS-N implementation based on Mozilla's NSS library.

Main Library

The main library file can be found inside nss/lib/ssl/tlsproof.c. Here the most important functions are:

tlsproof_addMessageToProof This function adds a record to the evidence calculation.

SSL_TLSProofRequestProof The requester calls this function to trigger the evidence request.

tlsproof_handleMessageRequest The function used by the generator to finalize the evidence.

tlsproof_handleMessageResponse Uses the supplied evidence to create a proof according to the user's wishes.

SSL_TLSProofCheckProof Verifies a given proof.

Test Applications

We have also provided multiple test applications, such as:

  • A standalone verifier that verifies proofs.
  • A client and server application to test TLS-N with a specified amount of random traffic.
  • A benchmarking app for TLS-N.


For testing purposes we provide a Test CA with a test certiface for tls-n.testserver inside the ca folder. The certificate store has an empty password. You have to resolve this hostname accordingly in DNS.