go-tls-srp is an implementation of TLS-SRP,

TLS-SRP lets a client make a secure, authenticated TLS (SSL)
connection to a server with only a username and password. No
certificates are needed. No certificate authorities have to be

This implementation is based on a stripped down version of Go's
crypto/tls package.  It only implements the non-certificate ciphers
from RFC5054 (because it was simpler, and not needing certificates
is the whole point of TLS-SRP), in order of preference:
- SRP-SHA1 with AES-256-CBC,SHA1
- SRP-SHA1 with AES-128-CBC,SHA1

Supported TLS extensions:
- SNI, server name indication
- Ticket sessions
- SRP (obviously)

Other extensions from crypto/tls are not relevant for SRP, or will
be deprecated.

go-tls-srp is based on crypto/tls from the 1.2.1 Go release branch.
The plan is to keep it updated with later release branches, and
maybe more.

Both the client and server implementation have been tested against
the client and server implementations of GnuTLS and OpenSSL.

This library should not yet be considered ready for use. Another
security review would be nice, and more experience using it.

# Documentation

See for documentation.

See ex/ for simple, working examples of clients and servers.

# Contact

For feedback, questions, changes etc, contact me at

# Todo

- test that username/passwords that are not valid utf-8 do work
- redo current test cases and include the exact commands that were used to generate them
- write test case for two authentication attempts to server with invalid username, ensure that we get the same salt twice (so attacker cannot probe for (in)valid accounts)
- write test cases so all N,g groups are covered
- figure out why disappearing servers do not cause read errors for clients (and probably vice versa).


- integrate srp support back into go's crypto/tls.  but perhaps not, the api/interface might become ugly, the use case for srp vs "normal" certificated-based tls is quite different. also, the code will be more complicated, because some messages take on an other form under srp.
- implement srp's certificate-related ciphers.
- different interface for clients to pass in username & password (though it's nice and simple like it is now, and since this library only has srp ciphers, you know you will need a password before starting the connection, to there is not much use delaying reading a password)
- try to clear memory with sensitive data in it (like passwords).  not sure if this is possible in go.  how do you overwrite a string?
- be more strict in handling usernames: always use []byte form, never string

# License

Since this code is based on Go's crypto/tls package, the same license
applies (see LICENSE). My changes are released under the same