I just finished and published the first part of a side project, alt-tls, which is making TLS work with ed25519 (and other alternative configurations). It is strange that neither chrome nor firefox support ed25519 TLS. But in our own software we can do whatever we want. Also created the binaries to create the PEM secret key and PEM self-signed certificate (with an alt subject name of "IGNORE THE NAME BASE TRUST ON THE KEY", a cert verifier that allows any self-signed certs (but does verify their signature), and example client and server that talk to each other over this TLS connection using my crypto provider (based on rand_core, ed25519-dalek, x25519-dalek, sha2, chacha20_poly1305 crates). It is very strict: TLS 1.3, chacha20-poly1305, sha256, ed25519, x25519... nothing else is supported. I will try to add blake3 but there is no IANA number for it so I'll just have to pick a reserved for private use number. The same goes for secp256k1 keys which I will try to get working as well (I'm sure you understand why).
https://github.com/mikedilger/alt-tls
Mike Dilger ☑️ /
npub1ac…9p35c
2025-03-28 01:33:18
Author Public Key
npub1acg6thl5psv62405rljzkj8spesceyfz2c32udakc2ak0dmvfeyse9p35cPublished at
2025-03-28 01:33:18Event JSON
{
"id": "e037654eb127c27d6295280c2079177caef3d59941c449f96f3f6cfdcf856712",
"pubkey": "ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49",
"created_at": 1743125598,
"kind": 1,
"tags": [],
"content": "I just finished and published the first part of a side project, alt-tls, which is making TLS work with ed25519 (and other alternative configurations). It is strange that neither chrome nor firefox support ed25519 TLS. But in our own software we can do whatever we want. Also created the binaries to create the PEM secret key and PEM self-signed certificate (with an alt subject name of \"IGNORE THE NAME BASE TRUST ON THE KEY\", a cert verifier that allows any self-signed certs (but does verify their signature), and example client and server that talk to each other over this TLS connection using my crypto provider (based on rand_core, ed25519-dalek, x25519-dalek, sha2, chacha20_poly1305 crates). It is very strict: TLS 1.3, chacha20-poly1305, sha256, ed25519, x25519... nothing else is supported. I will try to add blake3 but there is no IANA number for it so I'll just have to pick a reserved for private use number. The same goes for secp256k1 keys which I will try to get working as well (I'm sure you understand why).\n\nhttps://github.com/mikedilger/alt-tls\n",
"sig": "235cfcbe0f7d93775f9a12fc48c44da09e116bd9a394188b44a796eb3fa71e156c17d6b8be231d95e9058bbcd7f295f1b92b546a87475388de35a49c7dec4065"
}