mint - A Minimal TLS 1.3 stack

This project is primarily a learning effort for me to understand the TLS 1.3 protocol. The goal is to arrive at a pretty complete implementation of TLS 1.3, with minimal, elegant code that demonstrates how things work. Testing is a priority to ensure correctness, but otherwise, the quality of the software engineering might not be at a level where it makes sense to integrate this with other libraries. Backward compatibility is not an objective.

We borrow liberally from the Go TLS library, especially where TLS 1.3 aligns with earlier TLS versions. However, unnecessary parts will be ruthlessly cut off.

Quickstart

Installation is the same as for any other Go package:

go get github.com/bifurcation/mint

The API is pretty much the same as for the TLS module, with Dial and Listen methods wrapping the underlying socket APIs.

conn, err := mint.Dial("tcp", "localhost:4430", &mint.Config{...})
...
listener, err := mint.Listen("tcp", "localhost:4430", &mint.Config{...})

Documentation is available on godoc.org

Interoperability testing

The mint-client and mint-server executables are included to make it easy to do basic interoperability tests with othe TLS 1.3 implementations. The steps for testing against NSS are as follows.

# Install mint
go get github.com/bifurcation/mint

# Install and build NSS
cd $NSS_ROOT # wherever you want to put NSS
hg clone $nss
hg clone $nspr
cd nss
USE_64=1 ENABLE_TLS_1_3=1 BUILD_GTESTS=1 make nss_build_all

# Run NSS tests (this creates data for the server to use)
cd tests
NSS_TESTS=ssl_gtests NSS_CYCLES=standard ./all.sh

# Test with client=mint server=NSS (fill in $PLATFORM and $HOST as needed)
cd $NSS_ROOT
SSLTRACE=100 DYLD_LIBRARY_PATH=dist/$PLATFORM/lib/ dist/$PLATFORM/bin/selfserv -d tests_results/security/$HOST/ssl_gtests/ -n server -p 4430
# ...
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-client/main.go

# Test with client=NSS server=mint (fill in $PLATFORM and $HOST as needed)
cd $NSS_ROOT
SSLTRACE=100 DYLD_LIBRARY_PATH=dist/$PLATFORM/lib/ dist/$PLATFORM/bin/tstclnt -d tests_results/security/$HOST/ssl_gtests/ -V tls1.3:tls1.3 -h 127.0.0.1 -p 4430 -o -O
# ...
go run $GOPATH/src/github.com/bifurcation/mint/bin/mint-server/main.go

Name		Name	Last commit message	Last commit date
Latest commit History 47 Commits
bin		bin
LICENSE.md		LICENSE.md
README.md		README.md
alert.go		alert.go
common.go		common.go
common_test.go		common_test.go
conn.go		conn.go
conn_test.go		conn_test.go
crypto.go		crypto.go
crypto_test.go		crypto_test.go
extensions.go		extensions.go
extensions_test.go		extensions_test.go
handshake-layer.go		handshake-layer.go
handshake-layer_test.go		handshake-layer_test.go
handshake-messages.go		handshake-messages.go
handshake-messages_test.go		handshake-messages_test.go
log.go		log.go
log_test.go		log_test.go
mint.svg		mint.svg
record-layer.go		record-layer.go
record-layer_test.go		record-layer_test.go
tls.go		tls.go
tls_test.go		tls_test.go

License

grittygrease/mint

Folders and files

Latest commit

History

Repository files navigation

mint - A Minimal TLS 1.3 stack

Quickstart

Interoperability testing

About

Resources

License

Stars

Watchers

Forks

Languages