Swiftpack.co - Package - apple/swift-nio-ssl


SwiftNIO SSL is a Swift package that contains an implementation of TLS based on BoringSSL. This package allows users of SwiftNIO to write protocol clients and servers that use TLS to secure data in flight.

The name is inspired primarily by the names of the library this package uses (BoringSSL), and not because we don't know the name of the protocol. We know the protocol is TLS!

To get started, check out the API docs.

Using SwiftNIO SSL

SwiftNIO SSL provides two ChannelHandlers to use to secure a data stream: the NIOSSLClientHandler and the NIOSSLServerHandler. Each of these can be added to a Channel to secure the communications on that channel.

Additionally, we provide a number of low-level primitives for configuring your TLS connections. These will be shown below.

To secure a server connection, you will need a X.509 certificate chain in a file (either PEM or DER, but PEM is far easier), and the associated private key for the leaf certificate. These objects can then be wrapped up in a TLSConfiguration object that is used to initialize the ChannelHandler.

For example:

let configuration = TLSConfiguration.forServer(certificateChain: [.file("cert.pem")], privateKey: .file("key.pem")) 
let sslContext = try NIOSSLContext(configuration: configuration)
let handler = try NIOSSLServerHandler(context: sslContext)
// Add the created handler to the pipeline.

For clients, it is a bit simpler as there is no need to have a certificate chain or private key (though clients may have these things). Setup for clients may be done like this:

let configuration = TLSConfiguration.forClient()
let sslContext = try NIOSSLContext(configuration: configuration)
let handler = try NIOSSLClientHandler(context: sslContext)
// Add the created handler to the pipeline.


Stars: 202
Help us keep the lights on


Used By



2.1.0 - May 22, 2019

Semver Minor

  • Add a timeout to TLS shutdown, ensuring that channels don't get stuck open. (#100)
  • Add a callback that enables SSLKEYLOGFILE support. (#98)

Semver Patch

  • Correctly set SSL_VERIFY_FAIL_IF_NO_PEER_CERT when turning on cert verification. (#107)
  • Fix an issue where we use non-thread-safe buffers to print error strings. (#102)
  • Update BoringSSL. (#108)
  • Improve API docs. (#103)

2.0.2 - Apr 12, 2019

Semver Patch

  • Fixed an error when working on both SwiftNIO and SwiftNIO SSL in package edit mode. (#99)
  • Updated BoringSSL to ad9eee16. (#97)
  • Docs improvements. (#94, #95)

2.0.0 - Mar 27, 2019

This is a major breaking release. SwiftNIO SSL 2.0.0 transitions SwiftNIO to use a vendored copy of BoringSSL instead of relying on the system copy of libssl.

Semver Major

  • Substantially renamed a number of types to remove the phrase "OpenSSL" from them. (#75)
  • NIOSSLClientHandler now requires a serverHostname, though it may still be nil. (#82)
  • uncleanShutdown was previously on OpenSSLError, is now on NIOSSLError. (#76)
  • Renamed SSLContext to NIOSSLContext. (#73)
  • Changed the type of TLSConfiguration.applicationProtocols to [String]. (#70)

2.0.1 - Mar 27, 2019

This release contains no function changes, and exists purely for administrative reasons.

1.4.0 - Jan 18, 2019

Semver Minor

  • Added support for removing TLS handlers from live connections without tearing those connections down ("unwrapping" TLS from a connection) (#54)
  • Made TLSConfiguration structures mutable. (#58)
  • Fixed crashes when issuing a certain pattern of repeated calls to Channel.close() while a TLS handler is in the pipeline. (#52)
  • Added support for extracting the public keys of TLS certificates during handshakes.

Semver Patch

  • Warnings and test cleanup. (#53, #61)