Strongcomms Golang client released

I just publicly released my Golang Strongcomms (strong communications) library, which features various security and privacy-preserving communication functions for Golang applications. The library was designed for situations when the application is operating on an untrusted or adversarial network (sniffing, MitM, etc.) and intentionally avoids insecure or revealing protocols like DNS and NTP.

Feel free to jump directly to the code on GitHub.

The Strongcomms library provides functionality in three key areas:

  • A DNS-over-HTTPS (DOH) client (RFC 8484) for secure and private DNS lookups
  • A Golang net/http-compatible HTTPS client that uses DOH for DNS lookups and includes various methods to verify the server/server certificate (reduced/custom root cert pools, SPKI chain pinning, SPKI leaf pinning)
  • A method to bootstrap a current date/time over HTTPS, for IoT/RTC-challenged devices that need accurate date/time for HTTPS certificate validation but do not want to use NTP

The library is tested and biased towards using Cloudflare and Google DOH servers for DNS resolution. For the HTTPS client, there is direct support for accessing sites fronted by CloudFront. Other providers are possible, with direct configuration.
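
To make the SPKI leaf pinning item in the list above concrete, here is an added example built only on the Go standard library. It is not code from Strongcomms and does not use its API; `SPKIPin`, `VerifyLeafPin` and `sampleState` are hypothetical names, and the sample keys are constructed at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"fmt"
)

// SPKIPin returns base64(SHA-256(DER SubjectPublicKeyInfo)), the usual pin encoding.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// VerifyLeafPin (hypothetical helper) returns a VerifyConnection callback enforcing leaf SPKI pins.
func VerifyLeafPin(pins ...string) func(tls.ConnectionState) error {
	return func(cs tls.ConnectionState) error {
		if len(cs.PeerCertificates) == 0 {
			return fmt.Errorf("spki pin: no peer certificate")
		}
		got := SPKIPin(cs.PeerCertificates[0])
		for _, p := range pins {
			if p == got {
				return nil
			}
		}
		return fmt.Errorf("spki pin: leaf key %s is not pinned", got)
	}
}

// sampleState is constructed input: a connection whose leaf carries a fresh key's SPKI.
func sampleState() tls.ConnectionState {
	pub, _, genErr := ed25519.GenerateKey(rand.Reader)
	spki, encErr := x509.MarshalPKIXPublicKey(pub)
	if genErr != nil || encErr != nil {
		panic("sample key generation failed")
	}
	return tls.ConnectionState{PeerCertificates: []*x509.Certificate{{RawSubjectPublicKeyInfo: spki}}}
}

func main() {
	pinned, other := sampleState(), sampleState()
	// VerifyConnection runs after normal chain validation, and on resumed sessions too.
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, VerifyConnection: VerifyLeafPin(SPKIPin(pinned.PeerCertificates[0]))}
	fmt.Println("pinned key:", cfg.VerifyConnection(pinned), "| other key:", cfg.VerifyConnection(other))
}
```

Because the pin covers only the public key, it survives a certificate renewal that reuses the key and fails closed on any key change, so a backup pin should be deployed before rotating keys.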

Enjoy!

Tags: golang, crypto, networking