Bifurcation Mint Save

A Minimal TLS 1.3 Implementation in Go

Project README

A lock with a mint leaf

mint - A Minimal TLS 1.3 stack

Build Status

This project is primarily a learning effort for me to understand the TLS 1.3 protocol. The goal is to arrive at a pretty complete implementation of TLS 1.3, with minimal, elegant code that demonstrates how things work. Testing is a priority to ensure correctness, but otherwise, the quality of the software engineering might not be at a level where it makes sense to integrate this with other libraries. Backward compatibility is not an objective.

We borrow liberally from the Go TLS library, especially where TLS 1.3 aligns with earlier TLS versions. However, unnecessary parts will be ruthlessly cut off.

DTLS Support

Mint has partial support for DTLS, but that support is not yet complete and may still contain serious defects.


Installation is the same as for any other Go package:

go get

The API is pretty much the same as for the TLS module, with Dial and Listen methods wrapping the underlying socket APIs.

conn, err := mint.Dial("tcp", "localhost:4430", &mint.Config{...})
listener, err := mint.Listen("tcp", "localhost:4430", &mint.Config{...})

Documentation is available on

Interoperability testing

The mint-client and mint-server executables are included to make it easy to do basic interoperability tests with other TLS 1.3 implementations. The steps for testing against NSS are as follows.

# Install mint
go get

# Environment for NSS (you'll probably want a new directory)
NSS_ROOT=<whereever you want to put NSS>
mkdir $NSS_ROOT
export USE_64=1
export ENABLE_TLS_1_3=1
export HOST=localhost
export DOMSUF=localhost

# Build NSS
hg clone
hg clone
cd nss
make nss_build_all

export PLATFORM=`cat $NSS_ROOT/dist/latest`

# Run NSS tests (this creates data for the server to use)
cd tests/ssl_gtests

# Test with client=mint server=NSS
./dist/$PLATFORM/bin/selfserv -d tests_results/security/$HOST.1/ssl_gtests/ -n rsa -p 4430
# if you get `NSS_Init failed.`, check the path above, particularly around $HOST
# ...
go run $GOPATH/src/

# Test with client=NSS server=mint
go run $GOPATH/src/
# ...
dist/$PLATFORM/bin/tstclnt -d tests_results/security/$HOST/ssl_gtests/ -V tls1.3:tls1.3 -h -p 4430 -o
Open Source Agenda is not affiliated with "Bifurcation Mint" Project. README Source: bifurcation/mint
Open Issues
Last Commit
2 years ago

Open Source Agenda Badge

Open Source Agenda Rating