
MacSurf

v1.3.1 Feature

This release lists five changes for teams evaluating rollout: one feature (multi-curve ECDHE in TLS 1.3), three bugfixes and one refactor.

Published 2026-05-29 (category: Media Servers)
✓ No known CVEs patched


Topics

bearssl carbon-api classic-mac codewarrior css3 duktape javascript mac-os-9 macintosh netsurf open-transport powerpc quickdraw retro-computing web-browser

Affected surfaces

crypto_tls

Summary

AI summary

Multi-curve ECDHE lands in TLS 1.3, adding X25519, P‑256 and P‑384 curves with HelloRetryRequest support.

Changes in this release

Feature (impact: Medium)

Adds three ECDHE curves (X25519, P-256, P-384) to TLS 1.3 ClientHello.

Source: llm_adapter@2026-05-29

Confidence: high

Bugfix (impact: Medium)

Fixes infinite-loop bug when handling HelloRetryRequest in macTLS.

Source: llm_adapter@2026-05-29

Confidence: high

Bugfix (impact: Medium)

Adds universal HTTPS↔HTTP fallback with per‑host bounce‑loop guard in MacSurf.

Source: llm_adapter@2026-05-29

Confidence: low

Bugfix (impact: Low)

Repairs single‑slash URL scheme parsing (e.g., `https:/host/` → `https://host/`).

Source: llm_adapter@2026-05-29

Confidence: high

Refactor (impact: Low)

Adds diagnostic instrumentation (`CHUNKDIAG`, `FCDIAG`) for Google Fonts chunked‑stall capture.

Source: llm_adapter@2026-05-29

Confidence: high

Full changelog

Released: 2026-05-29
Verified on: Power Macintosh G3 iMac, Mac OS 9.2.2
Engine HEAD: fixes318 (MacSurf side); macTLS at 2725837 (multi-curve ECDHE)

The headline

Multi-curve ECDHE lands in TLS 1.3. macTLS now offers three curves in supported_groups — X25519, P-256, P-384 — and handles HelloRetryRequest cleanly. That unblocks servers that disallow X25519 (FIPS zones, certain XenForo-on-nginx configs, some Cloudflare strict zones).

68kmla.org/bb/ — one of the largest active Classic Mac communities — now fully renders on a G3 iMac via TLS 1.3 + P-384.

Full forum index. 2,759 box-tree nodes. 19 images. Zero handshake failures across a browsing session. TLS 1.3 over P-384 via HelloRetryRequest.

What's new

Three ECDHE curves now offered in TLS 1.3 ClientHello:

  • 0x001D X25519 — preferred, all-purpose
  • 0x0017 secp256r1 (NIST P-256)
  • 0x0018 secp384r1 (NIST P-384)

key_share carries an X25519 public key by default. If the server will not negotiate X25519, it replies with a HelloRetryRequest whose key_share extension names the group it actually wants (one of the groups the client listed in supported_groups), and macTLS now resends the ClientHello exactly once with a fresh key share on that group. A second HelloRetryRequest, or one naming a group that was not offered, aborts the handshake rather than being retried, which is what RFC 8446 section 4.1.4 requires.

A latent HelloRetryRequest infinite-loop bug (the HRR was previously handled inline through the WantRead path) is closed by a clean hrr_pending state transition that is consumed at the next pump step.
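As an added example, not macTLS or BearSSL code, here is a compact C model of the ClientHello/HelloRetryRequest logic described above. It serialises the supported_groups extension with the three codepoints listed, recognises an HRR by its fixed random value, pulls selected_group out of the HRR's key_share extension, and honours at most one HRR per handshake, refusing a second HRR or a group that was not offered instead of looping. The state names, the client_hs struct and the sample HRR bytes are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* NamedGroup codepoints (RFC 8446 4.2.7) in the preference order offered in the ClientHello. */
#define GROUP_X25519    0x001D
#define GROUP_SECP256R1 0x0017
#define GROUP_SECP384R1 0x0018
static const uint16_t offered_groups[] = { GROUP_X25519, GROUP_SECP256R1, GROUP_SECP384R1 };
#define N_OFFERED (sizeof offered_groups / sizeof offered_groups[0])

/* SHA-256("HelloRetryRequest"): a ServerHello whose random is this value is an HRR (RFC 8446 4.1.3). */
static const uint8_t hrr_random[32] = {
    0xCF,0x21,0xAD,0x74,0xE5,0x9A,0x61,0x11,0xBE,0x1D,0x8C,0x02,0x1E,0x65,0xB8,0x91,
    0xC2,0xA2,0x11,0x16,0x7A,0xBB,0x8C,0x5E,0x07,0x9E,0x09,0xE2,0xC8,0xA8,0x33,0x9C };

/* Hypothetical client state machine; HS_HRR_PENDING plays the role of the hrr_pending flag in the notes. */
enum hs_state { HS_WAIT_SH, HS_HRR_PENDING, HS_WAIT_EE, HS_FAILED };
struct client_hs {
    enum hs_state state;
    uint16_t key_share_group;  /* group of the key share in the ClientHello just sent */
    int hrr_count;             /* HRRs already honoured: at most one per handshake */
};

/* Serialise the supported_groups extension (type 0x000A). Returns bytes written, or -1 if cap is too small. */
static int build_supported_groups(uint8_t *out, size_t cap)
{
    size_t list_len = 2 * N_OFFERED, i;
    if (cap < 6 + list_len) return -1;
    out[0] = 0x00; out[1] = 0x0A;                     /* extension_type */
    out[2] = 0x00; out[3] = (uint8_t)(2 + list_len);  /* extension_data length */
    out[4] = 0x00; out[5] = (uint8_t)list_len;        /* NamedGroupList length */
    for (i = 0; i < N_OFFERED; i++) {
        out[6 + 2 * i] = (uint8_t)(offered_groups[i] >> 8);
        out[7 + 2 * i] = (uint8_t)(offered_groups[i] & 0xFF);
    }
    return (int)(6 + list_len);
}

static int group_is_offered(uint16_t g)
{
    size_t i;
    for (i = 0; i < N_OFFERED; i++) if (offered_groups[i] == g) return 1;
    return 0;
}

/* In an HRR the key_share extension (0x0033) carries only the 2-byte selected_group. 0 = absent/malformed. */
static uint16_t hrr_selected_group(const uint8_t *ext, size_t len)
{
    size_t p = 0;
    while (len - p >= 4) {
        uint16_t type = (uint16_t)(ext[p] << 8 | ext[p + 1]);
        size_t elen = (size_t)(ext[p + 2] << 8 | ext[p + 3]);
        p += 4;
        if (elen > len - p) return 0;
        if (type == 0x0033 && elen == 2) return (uint16_t)(ext[p] << 8 | ext[p + 1]);
        p += elen;
    }
    return 0;
}

/* Consume a ServerHello body (bytes after the 4-byte handshake header). Returns 0 for a normal
 * ServerHello, 1 when an HRR is accepted (caller resends the ClientHello once with a fresh key
 * share on hs->key_share_group), -1 on a fatal error. A second HRR is refused, never looped on. */
static int client_consume_server_hello(struct client_hs *hs, const uint8_t *sh, size_t len)
{
    size_t p = 2 + 32, ext_len;
    uint16_t g;
    if (hs->state != HS_WAIT_SH || len < p + 1) goto fail;
    if (memcmp(sh + 2, hrr_random, 32) != 0) { hs->state = HS_WAIT_EE; return 0; }
    if (hs->hrr_count >= 1) goto fail;
    p += 1 + sh[p] + 2 + 1;                 /* legacy_session_id_echo, cipher_suite, compression */
    if (p + 2 > len) goto fail;
    ext_len = (size_t)(sh[p] << 8 | sh[p + 1]); p += 2;
    if (ext_len > len - p) goto fail;
    g = hrr_selected_group(sh + p, ext_len);
    /* RFC 8446 4.1.4: must be a group we offered, and not the one we already sent a share for. */
    if (!group_is_offered(g) || g == hs->key_share_group) goto fail;
    hs->key_share_group = g;
    hs->hrr_count = 1;
    hs->state = HS_HRR_PENDING;
    return 1;
fail:
    hs->state = HS_FAILED;
    return -1;
}

/* Constructed sample (not a capture from any server): an HRR selecting secp384r1. Returns its length. */
static size_t build_sample_hrr(uint8_t *buf)
{
    static const uint8_t tail[] = {
        0x00, 0x13,0x01, 0x00, 0x00,0x0C,   /* sid len 0, TLS_AES_128_GCM_SHA256, compression, ext len 12 */
        0x00,0x2B,0x00,0x02,0x03,0x04,      /* supported_versions: TLS 1.3 */
        0x00,0x33,0x00,0x02,0x00,0x18 };    /* key_share: selected_group secp384r1 */
    buf[0] = 0x03; buf[1] = 0x03;           /* legacy_version */
    memcpy(buf + 2, hrr_random, 32);
    memcpy(buf + 34, tail, sizeof tail);
    return 34 + sizeof tail;
}
```

Drive it by calling build_sample_hrr and then client_consume_server_hello twice on the same message from a client whose key share is X25519: the first call returns 1 and moves key_share_group to 0x0018, the second returns -1 and leaves the handshake failed. A real implementation would generate the P-384 key share and rebuild the ClientHello per RFC 8446 section 4.1.2 at the point where this model returns 1.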

Regression status

X25519-default sites all verified unchanged on host and on G3 hardware:

  • mactrove.com (TLS 1.3, 0x1303 ChaCha20-Poly1305, X25519)
  • google.com (TLS 1.3, X25519)
  • cloudflare.com /cdn-cgi/trace (TLS 1.3, X25519)
  • howsmyssl.com (TLS 1.3, X25519)

MacTLSTest unaffected.

Companion MacSurf fixes

Shipped alongside the macTLS update:

  • fixes317 — universal HTTPS↔HTTP fallback with per-host bounce-loop guard. Whichever scheme the user types is tried first; on failure the other scheme is attempted exactly once for that host; on second failure FETCH_ERROR. HSTS sites whose TLS fails no longer spin in a redirect loop. Note that the HTTPS→HTTP leg is a cleartext downgrade: a TLS failure, whatever caused it, results in the same request being retried over plain HTTP, so a page that arrived this way should be treated as untrusted for anything sensitive.
  • fixes317a — URL parser repairs single-slash schemes (the https:/host/ typo becomes https://host/) so a slipped keystroke no longer results in a second scheme being prepended.
  • fixes318 — diagnostic instrumentation (CHUNKDIAG, FCDIAG) for the pending Google Fonts chunked-stall capture.
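The two MacSurf fixes above, as an added example in C that is not the browser's own code: repair_single_slash_scheme performs the fixes317a repair in place, and fetch_with_fallback implements the fixes317 policy (typed scheme first, one bounce per host, then FETCH_ERROR) against a hypothetical fetch callback, with a constructed behaviour table standing in for an HSTS host whose TLS fails and a host that only answers on HTTPS. Function names, the callback signature and the sample hosts are all assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Repair "https:/host/" (one slash after the scheme) to "https://host/" in place. Only the
 * lower-case http/https schemes are touched; "https://host/" and schemeless input pass through,
 * so the fix cannot double-prepend. Returns 1 if a repair was made, 0 otherwise. */
static int repair_single_slash_scheme(char *url, size_t cap)
{
    static const char *schemes[] = { "https:", "http:" };
    size_t i;
    for (i = 0; i < 2; i++) {
        size_t sl = strlen(schemes[i]), len = strlen(url);
        if (strncmp(url, schemes[i], sl) != 0 || url[sl] != '/' || url[sl + 1] == '/') continue;
        if (len + 2 > cap) return 0;                     /* no room for the extra slash */
        memmove(url + sl + 1, url + sl, len - sl + 1);   /* shift the rest (and NUL) right by one */
        url[sl + 1] = '/';
        return 1;
    }
    return 0;
}

/* Outcome of one fetch attempt, as the hypothetical fetcher callback reports it. */
enum fetch_rc { FETCH_OK, FETCH_FAIL, FETCH_REDIRECT };
typedef enum fetch_rc (*fetch_fn)(const char *url, char *redirect, size_t cap, void *ctx);
#define FETCH_ERROR (-1)
#define MAX_HOPS 8

/* Copy the host part of "scheme://host[/...]" into out (truncating if needed). */
static void url_host(const char *url, char *out, size_t cap)
{
    const char *h = strstr(url, "://"), *e;
    size_t n;
    h = h ? h + 3 : url;
    e = strchr(h, '/');
    n = e ? (size_t)(e - h) : strlen(h);
    if (n >= cap) n = cap - 1;
    memcpy(out, h, n); out[n] = '\0';
}

/* Rewrite the scheme: https:// <-> http://. Returns 0 if the URL has neither or out is too small. */
static int swap_scheme(const char *in, char *out, size_t cap)
{
    if (strncmp(in, "https://", 8) == 0) return snprintf(out, cap, "http://%s", in + 8) < (int)cap;
    if (strncmp(in, "http://", 7) == 0)  return snprintf(out, cap, "https://%s", in + 7) < (int)cap;
    return 0;
}

/* Try the URL as typed; on failure try the other scheme exactly once for that host; a second
 * failure on the same host is FETCH_ERROR. Redirects are followed, so an HSTS host whose TLS fails
 * (https fails -> http redirects back to https -> fails again) stops after one bounce instead of
 * spinning. Caveat: the https -> http leg is a cleartext downgrade; whatever broke the TLS
 * handshake (including an on-path attacker) gets to see the retried request. */
static int fetch_with_fallback(const char *typed, fetch_fn fetch, void *ctx, char *final_url, size_t cap)
{
    char cur[256], next[256], host[128], bounced[4][128];
    int hops, nb = 0, i;
    snprintf(cur, sizeof cur, "%s", typed);
    for (hops = 0; hops < MAX_HOPS; hops++) {
        switch (fetch(cur, next, sizeof next, ctx)) {
        case FETCH_OK:
            snprintf(final_url, cap, "%s", cur);
            return 0;
        case FETCH_REDIRECT:
            snprintf(cur, sizeof cur, "%s", next);
            break;
        case FETCH_FAIL:
            url_host(cur, host, sizeof host);
            for (i = 0; i < nb; i++) if (strcmp(bounced[i], host) == 0) return FETCH_ERROR;
            if (nb == 4 || !swap_scheme(cur, next, sizeof next)) return FETCH_ERROR;
            snprintf(bounced[nb++], sizeof bounced[0], "%s", host);   /* this host's one bounce is spent */
            snprintf(cur, sizeof cur, "%s", next);
            break;
        }
    }
    return FETCH_ERROR;
}

/* Constructed behaviour table for the simulated fetcher (not real servers). */
struct sim_rule { const char *url; enum fetch_rc rc; const char *redirect; };
static const struct sim_rule sim_rules[] = {
    { "https://hsts.example/",    FETCH_FAIL,     NULL },                    /* TLS handshake fails */
    { "http://hsts.example/",     FETCH_REDIRECT, "https://hsts.example/" }, /* HSTS-style redirect */
    { "http://tlsonly.example/",  FETCH_FAIL,     NULL },                    /* port 80 closed */
    { "https://tlsonly.example/", FETCH_OK,       NULL },
};

static enum fetch_rc sim_fetch(const char *url, char *redirect, size_t cap, void *ctx)
{
    size_t i;
    (void)ctx;
    for (i = 0; i < sizeof sim_rules / sizeof sim_rules[0]; i++)
        if (strcmp(url, sim_rules[i].url) == 0) {
            if (sim_rules[i].redirect) snprintf(redirect, cap, "%s", sim_rules[i].redirect);
            return sim_rules[i].rc;
        }
    return FETCH_FAIL;
}
```

With the table above, fetch_with_fallback("https://hsts.example/", sim_fetch, ...) fails, bounces once to http, follows the redirect back to https, fails again and returns FETCH_ERROR on the second failure for that host; fetch_with_fallback("http://tlsonly.example/", ...) fails on http, bounces to https and succeeds with the https URL as the final one.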

What's NOT in this release

For honest accounting:

  • Google Fonts (fonts.googleapis.com) occasionally stalls on a chunked + keep-alive response that doesn't self-terminate cleanly. Diagnostic instrumentation shipped; root cause is browser-side fetcher, not macTLS. Capture pending.
  • TLS 1.3 session resumption (PSK / tickets) still deferred.
  • Post-quantum key agreement still deferred.

Credits

Multi-curve ECDHE work landed in macTLS by the dedicated TLS agent. BearSSL by Thomas Pornin provides the cryptographic primitives — the EC curve implementations used here (ec_c25519_m15, ec_p256_m15, ec_prime_i15) have been in BearSSL since its earliest releases.

Full notes

docs/release-notes/MacSurf-1.3.1.md

Building from source

v1.3.1 is a transparent macTLS engine upgrade. No MacSurf project file changes vs v1.3. No new BearSSL files. Just rebuild against the updated macTLS tree.

v1.3 builders pulling onto a v1.2 workspace need to add four macTLS files to enable TLS 1.3: bearssl/src/ec/ec_c25519_m15.c, os9/ostls_tls13_keysched.c, os9/ostls_tls13_record.c, os9/ostls_tls13_handshake.c.
