MacSurf

v1.3 Feature

This release adds 2 notable features for engineering teams evaluating rollout.

Published 5d Media Servers
✓ No known CVEs patched

Topics

bearssl carbon-api classic-mac codewarrior css3 duktape
javascript mac-os-9 macintosh netsurf open-transport powerpc quickdraw retro-computing web-browser

Affected surfaces

crypto_tls

Summary

AI summary

Updates Full notes docs/release-notes/MacSurf-1.3.md, https://datatracker.ietf.org/doc/html/rfc8446, and CHACHA20-POLY1305 across a mixed release.

Changes in this release

Feature Medium

Adds native TLS 1.3 support on Classic Mac OS.

Source: llm_adapter@2026-05-29

Confidence: high

Feature Low

Implements X25519 key exchange and CHACHA20‑POLY1305 cipher suite TLS_CHACHA20_POLY1305_SHA256.

Source: llm_adapter@2026-05-29

Confidence: high

Feature Low

Adds fallback to TLS 1.2 if server declines TLS 1.3 negotiation.

Source: llm_adapter@2026-05-29

Confidence: high

Dependency Low

Integrates BearSSL cryptographic primitives for TLS 1.3 implementation.

Source: llm_adapter@2026-05-29

Confidence: high

Deprecation Low

Deprecates TLS 1.3 session resumption (PSK/tickets) and post‑quantum key agreement features.

Source: llm_adapter@2026-05-29

Confidence: high

Full changelog

Released: 2026-05-29
Verified on: Power Macintosh G3 iMac, Mac OS 9.2.2
Engine HEAD: fixes315 (MacSurf side); macTLS at tls13-v1 (c405117)

The headline

MacSurf 1.3 negotiates TLS 1.3 natively on Classic Mac OS. No proxy. No helper machine. The ClientHello, the key schedule, the record layer, and the decrypted application data all happen on a 233 MHz Power Macintosh G3 iMac running Mac OS 9.2.2.

As far as we can find, this is the first native TLS 1.3 implementation on Classic Mac OS, ever. It shipped less than 24 hours after the v1.2 "Sealed" release that closed the entropy hole.

Third-party verification

This isn't an internal claim. Four independent test sites confirm TLS 1.3 negotiation from MacSurf on real hardware.

Akamai tls13.akamai.io

TLS Version: tls1.3 · TLS Cipher Name: TLS_CHACHA20_POLY1305_SHA256 · User Agent: MacSurf/0.2 (Macintosh; PPC Mac OS 9) · "Your client negotiated TLS 1.3, the latest version of the TLS protocol!"

BrowserLeaks browserleaks.com/tls

TLS Protocol: 0x0304 TLS 1.3 · Cipher Suite: 0x1303 TLS_CHACHA20_POLY1305_SHA256 · Key Exchange: 0x001D x25519 · Signature Scheme: 0x0804 rsa_pss_rsae_sha256

How's My SSL howsmyssl.com

Version: Good — "Your client is using TLS 1.3, the most modern version of the encryption protocol." Forward secrecy, no TLS compression, no insecure cipher suites.

Cloudflare /cdn-cgi/trace

uag=MacSurf/0.2 (Macintosh; PPC Mac OS 9)
tls=TLSv1.3
kex=X25519
sni=plaintext

What's new under the hood

  • Hand-written TLS 1.3 handshake, key schedule, and record layer per RFC 8446, built on BearSSL cryptographic primitives only (BearSSL itself has no 1.3).
  • X25519 key exchange. Cipher suites 0x1303 (CHACHA20-POLY1305) and 0x1301 (AES-128-GCM). SHA-256 transcript hash.
  • Server auth against the 121-anchor Mozilla CCADB bundle (unchanged since v0.6).
  • RFC 8446 + RFC 8448 test vectors pass on host and on-device.
  • Every connection opens a 1.3 ClientHello that also advertises 1.2 suites; falls back to BearSSL's full 1.2 path if the server declines 1.3. Switch is transparent through the macTLS public API.
  • TLS 1.2 sync, async, and session resumption are unchanged.
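
The fallback decision described above hinges on the ServerHello: per RFC 8446, a server that accepts 1.3 says so in the supported_versions extension (type 43), and a 1.3-capable server that answers with 1.2 or lower marks the last eight bytes of its random with "DOWNGRD", which a 1.3 client must treat as a downgrade rather than fall back. The following is an added example, not MacSurf or macTLS code; the function names and the sample message are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

enum sh_result { SH_TLS13, SH_TLS12, SH_DOWNGRADE, SH_MALFORMED };
#define RD16(q) (((unsigned)(q)[0] << 8) | (q)[1])

/* Classify a ServerHello body (the bytes after the 4-byte handshake header). */
enum sh_result classify_server_hello(const unsigned char *b, size_t n)
{
    size_t p, len;
    unsigned type, ver = 0;
    if (n < 35 || b[34] > 32) return SH_MALFORMED;
    p = 35 + b[34] + 3;   /* past version, random, session id, suite, compression */
    if (p > n) return SH_MALFORMED;
    if (p < n) {          /* extensions block present */
        if (n - p < 2 || p + 2 + RD16(b + p) != n) return SH_MALFORMED;
        p += 2;
        while (n - p >= 4) {
            type = RD16(b + p); len = RD16(b + p + 2); p += 4;
            if (len > n - p) return SH_MALFORMED;
            if (type == 43 && len != 2) return SH_MALFORMED;
            if (type == 43) ver = RD16(b + p);   /* supported_versions: selected version */
            p += len;
        }
        if (p != n) return SH_MALFORMED;
    }
    if (ver == 0x0304) return SH_TLS13;
    if (ver != 0) return SH_MALFORMED;   /* extension present with another value */
    /* 1.2 or lower: random[24..31] = "DOWNGRD" + 0x01/0x00 means the server had 1.3 */
    if (memcmp(b + 26, "DOWNGRD", 7) == 0 && b[33] <= 1) return SH_DOWNGRADE;
    return SH_TLS12;
}

/* Constructed sample ServerHello body (not captured traffic), then classified. */
enum sh_result classify_sample(int tls13, int sentinel, size_t cut)
{
    static const unsigned char ext[8] = { 0, 6, 0, 43, 0, 2, 3, 4 };
    unsigned char o[64];
    size_t n = 38;                       /* o[34] = 0: empty session id */
    memset(o, 0, sizeof o);
    o[0] = 0x03; o[1] = 0x03;            /* legacy_version */
    memset(o + 2, 0xA5, 32);             /* random */
    if (sentinel) memcpy(o + 26, "DOWNGRD\x01", 8);
    o[35] = tls13 ? 0x13 : 0xC0; o[36] = tls13 ? 0x03 : 0x2F;   /* cipher suite */
    if (tls13) { memcpy(o + n, ext, 8); n += 8; }
    return classify_server_hello(o, n - cut);
}

int main(void) { return classify_sample(0, 1, 0) == SH_DOWNGRADE ? 0 : 1; }
```

A caller would take the 1.2 path only on `SH_TLS12` and abort the handshake on `SH_DOWNGRADE` or `SH_MALFORMED`.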

What's NOT in this release

Documented for honest accounting:

  • TLS 1.3 session resumption (PSK / tickets — the CDN-resumption win)
  • Post-quantum key agreement
  • TLS client certificates
  • 0-RTT early data

Credits

Adapted from Certainly by minorbug (MIT) — C99 / Retro68 → CodeWarrior 8 strict C89. BearSSL by Thomas Pornin (MIT) for the cryptographic primitives.

Full notes

docs/release-notes/MacSurf-1.3.md

Building from source

Same as 1.2 plus four new macTLS files in MacSurf.mcp to enable TLS 1.3:

  • bearssl/src/ec/ec_c25519_m15.c
  • os9/ostls_tls13_keysched.c
  • os9/ostls_tls13_record.c
  • os9/ostls_tls13_handshake.c

No other MacSurf-side changes required; the upgrade is entirely transparent through the macTLS public API.
