2016-11-03 21:13:18 +00:00
```
_____ _ ____ _ _
|_ _| | / ___| | |_ _ __ (_)___
| | | | \___ \ _____| __ | '__| / __ |
| | | |___ ___) |_____ | |_| | | \__ \
|_| |_____|____/ \__|_| |_|___/
```
crypto/tls, now with 100% more 1.3.
THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.
[![Build Status](https://travis-ci.org/cloudflare/tls-tris.svg?branch=master)](https://travis-ci.org/cloudflare/tls-tris)
## Usage
Since `crypto/tls` is very deeply (and not that elegantly) coupled with the Go stdlib,
tls-tris shouldn't be used as an external package. It is also impossible to vendor it
as `crypto/tls` because stdlib packages would import the standard one and mismatch.
So, to build with tls-tris, you need to use a custom GOROOT.
A script is provided that will take care of it for you: `./_dev/go.sh`.
Just use that instead of the `go` tool.
The script also transparently fetches the custom Cloudflare Go 1.9 compiler with the required backports.
```
./_dev/go.sh build ./_dev/tris-localserver
TLSDEBUG=error ./tris-localserver -b 127.0.0.1:4443
```
## Debugging
When the environment variable `TLSDEBUG` is set to `error`, Tris will print a hexdump of the Client Hello and a stack trace if a handshake error occurs. If the value is `short`, only the error and the first meaningful stack frame are printed.
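When a handshake fails on version negotiation, the Client Hello dump shows which versions the peer offered. The following is an added example, not part of tls-tris: it extracts the `supported_versions` list from a Client Hello, assuming the input is the raw handshake message starting at its `0x01` type byte (no 5-byte record header) and already converted from the hexdump to bytes. The names `take`, `OfferedVersions` and `sampleHello` are hypothetical, and the sample message is constructed.

```go
package main

import "fmt"

// take strips an n-byte big-endian length prefix; returns the field it covers and the remainder.
func take(b []byte, n int) (field, rest []byte, err error) {
	l := 0
	for i := 0; i < n && i < len(b); i++ {
		l = l<<8 | int(b[i])
	}
	if len(b) < n+l {
		return nil, nil, fmt.Errorf("truncated ClientHello")
	}
	return b[n : n+l], b[n+l:], nil
}

// OfferedVersions returns the supported_versions (extension 43) list of a ClientHello message.
func OfferedVersions(msg []byte) (vs []uint16, err error) {
	if len(msg) < 38 || msg[0] != 0x01 {
		return nil, fmt.Errorf("not a ClientHello handshake message")
	}
	rest := msg[38:] // skip type (1), length (3), legacy_version (2), random (32)
	for _, n := range []int{1, 2, 1} { // session_id, cipher_suites, compression_methods
		if _, rest, err = take(rest, n); err != nil {
			return nil, err
		}
	}
	exts, _, err := take(rest, 2)
	for err == nil && len(exts) >= 2 {
		typ := int(exts[0])<<8 | int(exts[1])
		var data []byte
		if data, exts, err = take(exts[2:], 2); err != nil || typ != 43 {
			continue // error ends the loop; any other extension type is skipped
		}
		for i := 2; i < len(data); i += 2 { // data[0] is the one-byte list length
			vs = append(vs, uint16(data[i-1])<<8|uint16(data[i]))
		}
		return vs, nil
	}
	return nil, err // nil, nil: no supported_versions, so TLS 1.2 or lower only
}

// sampleHello: constructed ClientHello offering 0x7f12 (TLS 1.3 draft-18) and 0x0303 (TLS 1.2).
var sampleHello = append(append([]byte{1, 0, 0, 0x3c, 3, 3}, make([]byte, 32)...),
	0, 0, 2, 0x13, 1, 1, 0, 0, 0x11, 0, 0x0a, 0, 4, 0, 2, 0, 0x1d, 0, 0x2b, 0, 5, 4, 0x7f, 0x12, 3, 3)

func main() {
	vs, err := OfferedVersions(sampleHello)
	fmt.Printf("offered: %#x err: %v\n", vs, err)
}
```

Values of the form `0x7fNN` are TLS 1.3 draft codepoints, so a client and server built against different drafts will show no common entry here.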
## Building Caddy
```
./_dev/go.sh build github.com/mholt/caddy
```
*Note: to get Caddy to use TLS 1.3 you'll have to apply the patch at `_dev/caddy/caddy.patch`.*
## Testing with BoringSSL/NSS/Mint/...
```
./_dev/tris-localserver/start.sh --rm
```
```
docker build -t tls-tris:boring _dev/boring
docker run -i --rm tls-tris:boring $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
```
```
docker build -t tls-tris:tstclnt _dev/tstclnt
docker run -i --rm tls-tris:tstclnt $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
```
```
docker build -t tls-tris:mint _dev/mint
docker run -i --rm tls-tris:mint $(docker inspect -f '{{ .NetworkSettings.IPAddress }}' tris-localserver):443
```
To build a specific revision, use `--build-arg REVISION=abcdef1234`.