Skip to content
A TLS implementation in Swift
Swift Other
  1. Swift 99.8%
  2. Other 0.2%
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github/workflows
Documentation Add design overview document, rename transitionTo to transtion(to:) Apr 30, 2018
RFCs
SwiftTLS.xcodeproj
SwiftTLS Fix RSA signing Dec 17, 2019
SwiftTLSTool
Tests
.gitignore Ignore xcbaselines in Xcode project Jun 1, 2018
LICENSE.txt
Package.swift
README.md Add linux and macos workflows to run tests Dec 1, 2019
TODO Move issues to github issue tracking Apr 28, 2018

README.md

SwiftTLS

SwiftTLS is a Swift-only implementation of TLS 1.3 and 1.2 that hopes to avoid common classes of vulnerabilities that have traditionally plagued C-based implementations like buffer overflows or generally arbitrary memory accesses. It is written entirely in Swift and has no external dependencies, i.e. all public key crypto, symmetric crypto and hash functions are included.

SwiftTLS is licensed under the MIT License.

Status

Features

Crypto

  • RSA-PKCS1 & RSA-PSS, DHE, ECDHE, ECDSA
  • CBC and GCM cipher modes
  • secp256r1, secp384r1, secp521r1
  • AES
  • SHA-1, SHA-2

TLS 1.2

  • session resumption

TLS 1.3

  • 0-RTT
  • HelloRetryRequest

Things to try

swift run -c release tls client --connect swifttls.org

swift run -c release tls server --port 4433 --certificate /path/to/mycert.pem --dhParameters /path/to/mydhparams.pem

BigInt performance highly depends on the build configuration, i.e. debug builds are an order of magnitude slower than release builds. So if you want to run the tests it is best to also use the release configuration like this:

swift test -c release -Xswiftc -enable-testing

A test server is running at swifttls.org.

A good starting point to see how you set up a TLS connection in code is server.swift and client.swift.

For a rough overview of the overall architecture see SwiftTLS Design

Disclaimer

Up until now this project has mainly been an effort for me to learn how TLS works, but I'd love to get your feedback and contributions to improve it.

Don't use this library in a production environment. It is not ready, has certainly a lot of bugs and received virtually no real world testing yet.

Performance has not been a primary goal until now, so don't expect too much.

You can’t perform that action at this time.