Peter Wu edited this page Feb 11, 2017 · 70 revisions
Clone this wiki locally

Here's a list of implementations of TLS 1.3. Add your own. Talk to @martinthomson if you have questions.


name language role(s) version features/limitations
NSS C C/S -18 FF2048, P-256, X25519, HelloRetryRequest, resumption, 0-RTT
[Firefox] C C -16 FF2048, P-256, X25519, HelloRetryRequest, resumption, 0-RTT
Mint Go C/S -18 PSK resumption, 0-RTT, HRR
nqsb OCaml C/S -11 PSK/DHE-PSK, no EC*, no client auth, no 0RTT -- live server at port 4433, records traces, ping @hannesm, contains a static PSK/DHE_PSK token: id: 0x0000 secret: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
ProtoTLS JavaScript C/S -13 EC/DHE/PSK, no HelloRetryRequest
miTLS F* C/S -13 EC/DHE/PSK, no HelloRetryRequest
Tris Go S -18 ECDHE/PSK/0-RTT, no HelloRetryRequest
BoringSSL C C/S -18 P-256, X25519, HelloRetryRequest, resumption
Wireshark C other -18 Full decryption and -18 dissection support since v2.3.0rc0-2345-g6cc7a7031d (keylog format proposal). Missing NST TicketEarlyData and CertificateRequest exts. Missing ChaCha20-Poly1305 decryption. Tracking bug
picotls C C/S -18 P-256, X25519, HelloRetryRequest, resumption, 0-RTT
rustls Rust C/S -18 P-256/P-384/curve25519, HRR, resumption. Tested against picotls/Tris
Haskell tls Haskell C/S -18 (EC)DHE w/ P* X* and FF*, full, HRR, PSK, 0RTT
Leto C# S -18 DHE, X25519, AES, no PSK no 0RTT. Tested against NSS

Version Negotiation

As of draft-16 version negotiation is in the "supported_versions" extension. Versions should advertise a draft version of TLS 1.3 as {0x7f, } (for draft-16: {0x7f, 10}).



Need FF Nightly, uses NSS, updated periodically. Nightly is -18, Aurora is -18. TLS 1.3 is on by default in Nightly and Aurora.


Need Chrome Canary, uses BoringSSL.

Go to chrome:flags and switch the TLS max version to 1.3.

Test servers

Implementation Version URL
Tris+nginx -16
Tris -16
mod_nss -18
mod_nss -18
BoringSSL -18
rustls+nginx -18