swift-nio-ssl

2.30.0

Star

TLS Support for SwiftNIO, based on BoringSSL.

tls swiftnio swift5 tls-support

What's New

SwiftNIO SSL 2.30.0

2025-04-23T09:28:14Z

What's Changed

SemVer Minor

Update BoringSSL to 817ab07ebb53da35afea409ab9328f578492832d by @Lukasa in #506

SemVer Patch

Update test certs by @rnro in #520
Clarify that we don't hop ELs in our callbacks by @Lukasa in #526
Cleanup missing internal Sendable annotation and missing preconcurrency import by @Lukasa in #525
Clean up sendability of statics by @Lukasa in #523
Clean up Sendability errors in pipelines and promises by @Lukasa in #524
Swap some implementation only imports to internal imports by @Lukasa in #521
Fix sendability issues in Universal Bootstrap by @Lukasa in #527
Remove some redundant suppressed conformances by @Lukasa in #522
Lock in strict concurrency adoption by @Lukasa in #530

Other Changes

Rename nightly_6_1 params to nightly_next by @rnro in #510
move nightly-next thresholds and add legacy symlink by @rnro in #511
Delete Thresholds/nightly-6.1 symlink by @rnro in #512
Only apply standard swift settings on valid targets by @rnro in #513
Update the allocations count benchmark threshold for nightly-main by @czechboy0 in #514
Enable macOS CI on merge to main and daily timer by @rnro in #516
Enable macOS CI on pull requests by @rnro in #517
Switch integration tests to newer Swift test matrix by @rnro in #519
Clean up Sendability issues in examples & performance tester by @Lukasa in #528
Address Sendability issues in the tests by @Lukasa in #529
Enable Swift 6.1 jobs in CI by @rnro in #531
Add DocC extension page to provide curation for TLSConfiguration by @heckj in #532
Fix typo in NIOSSLServerHandler documentation. by @zaneenders in #534

New Contributors

@heckj made their first contribution in #532
@zaneenders made their first contribution in #534

Full Changelog: 2.29.3...2.30.0

SwiftNIO SSL

SwiftNIO SSL is a Swift package that contains an implementation of TLS based on BoringSSL. This package allows users of SwiftNIO to write protocol clients and servers that use TLS to secure data in flight.

The name is inspired primarily by the names of the library this package uses (BoringSSL), and not because we don't know the name of the protocol. We know the protocol is TLS!

To get started, check out the API docs.

Using SwiftNIO SSL

SwiftNIO SSL provides two ChannelHandlers to use to secure a data stream: the NIOSSLClientHandler and the NIOSSLServerHandler. Each of these can be added to a Channel to secure the communications on that channel.

Additionally, we provide a number of low-level primitives for configuring your TLS connections. These will be shown below.

To secure a server connection, you will need a X.509 certificate chain in a file (either PEM or DER, but PEM is far easier), and the associated private key for the leaf certificate. These objects can then be wrapped up in a TLSConfiguration object that is used to initialize the ChannelHandler.

For example:

let configuration = TLSConfiguration.makeServerConfiguration(
    certificateChain: try NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) },
    privateKey: try .privateKey(.init(file: "key.pem", format: .pem))
)
let sslContext = try NIOSSLContext(configuration: configuration)

let server = ServerBootstrap(group: group)
    .childChannelInitializer { channel in
        // important: The handler must be initialized _inside_ the `childChannelInitializer`
        let handler = NIOSSLServerHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }

For clients, it is a bit simpler as there is no need to have a certificate chain or private key (though clients may have these things). Setup for clients may be done like this:

let configuration = TLSConfiguration.makeClientConfiguration()
let sslContext = try NIOSSLContext(configuration: configuration)

let client = ClientBootstrap(group: group)
    .channelInitializer { channel in
        // important: The handler must be initialized _inside_ the `channelInitializer`
        let handler = try NIOSSLClientHandler(context: sslContext)

        [...]
        channel.pipeline.addHandler(handler)
        [...]
    }

The most recent versions of SwiftNIO SSL support Swift 5.7 and newer. The minimum Swift version supported by SwiftNIO SSL releases are detailed below:

SwiftNIO SSL	Minimum Swift Version
`2.0.0 ..< 2.14.0`	5.0
`2.14.0 ..< 2.19.0`	5.2
`2.19.0 ..< 2.23.0`	5.4
`2.23.0 ..< 2.23.2`	5.5.2
`2.23.2 ..< 2.26.0`	5.6
`2.26.0 ..< 2.27.0`	5.7
`2.27.0 ...`	5.8

Description

Swift Tools 5.9.0

View More Packages from this Author

Dependencies

swift-nio2.82.1

Last updated: Mon May 12 2025 09:11:07 GMT-0900 (Hawaii-Aleutian Daylight Time)