### Example Bug Report Source: https://github.com/apple/swift-nio-ssl/blob/main/CONTRIBUTING.md An example of a comprehensive bug report, including SwiftNIO commit hash, context, reproduction steps, Swift version, OS version, and system information. ```text SwiftNIO commit hash: 22ec043dc9d24bb011b47ece4f9ee97ee5be2757 Context: While load testing my HTTP web server written with SwiftNIO, I noticed that one file descriptor is leaked per request. Steps to reproduce: 1. ... 2. ... 3. ... 4. ... $ swift --version Swift version 4.0.2 (swift-4.0.2-RELEASE) Target: x86_64-unknown-linux-gnu Operating system: Ubuntu Linux 16.04 64-bit $ uname -a Linux beefy.machine 4.4.0-101-generic #124-Ubuntu SMP Fri Nov 10 18:29:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux My system has IPv6 disabled. ``` -------------------------------- ### Run NIOTLSServer Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOTLSServer/README.md Invoke the NIOTLSServer application to start a TLS server on ::1, port 4433. ```bash swift run NIOTLSServer # Gets a content on a server on ::1, port 4433, using TLS ``` -------------------------------- ### Configure SwiftNIO SSL Client Source: https://github.com/apple/swift-nio-ssl/blob/main/README.md Set up TLS configuration for a client. The handler must be initialized within the `channelInitializer`. ```swift let configuration = TLSConfiguration.makeClientConfiguration() let sslContext = try NIOSSLContext(configuration: configuration) let client = ClientBootstrap(group: group) .channelInitializer { channel in // important: The handler must be initialized _inside_ the `channelInitializer` let handler = try NIOSSLClientHandler(context: sslContext) [...] channel.pipeline.syncOperations.addHandler(handler) [...] } ``` -------------------------------- ### Configure SwiftNIO SSL Server Source: https://github.com/apple/swift-nio-ssl/blob/main/README.md Set up TLS configuration for a server using a certificate chain and private key. The handler must be initialized within the `childChannelInitializer`. ```swift let configuration = TLSConfiguration.makeServerConfiguration( certificateChain: try NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) }, privateKey: try .privateKey(.init(file: "key.pem", format: .pem)) ) let sslContext = try NIOSSLContext(configuration: configuration) let server = ServerBootstrap(group: group) .childChannelInitializer { channel in // important: The handler must be initialized _inside_ the `childChannelInitializer` let handler = NIOSSLServerHandler(context: sslContext) [...] channel.pipeline.syncOperations.addHandler(handler) [...] } ``` -------------------------------- ### Invoke NIOSSLHTTP1Client with a Specific URL Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSLHTTP1Client/README.md Use this command to fetch content from a specified server (e.g., example.com) on the default HTTPS port (443) using SSL/TLS. The URL dictates the target host and port. ```bash swift run NIOSSLHTTP1Client "https://example.com" ``` -------------------------------- ### Invoke NIOSSLHTTP1Client with Default Server Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSLHTTP1Client/README.md Use this command to fetch content from a server on localhost (::1) on the default HTTPS port (443) using SSL/TLS. No URL is specified, so defaults are used. ```bash swift run NIOSSLHTTP1Client ``` -------------------------------- ### Inspecting Pre-Shared Key Configurations Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Details for inspecting pre-shared key (PSK) configurations for clients and servers. ```APIDOC ## Inspecting pre-shared key configurations - ``pskClientProvider`` - ``pskHint`` - ``pskServerProvider`` - ``pskClientCallback`` - ``pskServerCallback`` ``` -------------------------------- ### Invoke NIOSSLHTTP1Client with Custom Port Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSLHTTP1Client/README.md Use this command to fetch content from a specified server (e.g., example.com) on a custom HTTPS port (e.g., 4433) using SSL/TLS. This is useful when the server is not listening on the default port. ```bash swift run NIOSSLHTTP1Client "https://example.com:4433" ``` -------------------------------- ### Creating TLS Configurations Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Provides methods for creating default client configurations and custom server configurations. ```APIDOC ## Creating a TLS configuration - ``clientDefault`` - ``makeClientConfiguration()`` - ``makeServerConfiguration(certificateChain:privateKey:)`` - ``makePreSharedKeyConfiguration()`` ``` -------------------------------- ### Server TLS Configuration Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/index.md Configure a server to use TLS by providing a certificate chain and private key. The TLSConfiguration is then used to create a NIOSSLContext, which initializes the NIOSSLServerHandler. Ensure the handler is added within the childChannelInitializer. ```swift let configuration = TLSConfiguration.makeServerConfiguration( certificateChain: try NIOSSLCertificate.fromPEMFile("cert.pem").map { .certificate($0) }, privateKey: try .privateKey(.init(file: "key.pem", format: .pem)) ) let sslContext = try NIOSSLContext(configuration: configuration) let server = ServerBootstrap(group: group) .childChannelInitializer { channel in // important: The handler must be initialized _inside_ the `childChannelInitializer` let handler = NIOSSLServerHandler(context: sslContext) [...] // Other channel setup channel.pipeline.addHandler(handler) [...] // More channel setup } ``` -------------------------------- ### Deprecated Client TLS Configuration Initializers Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Deprecated methods for creating client TLS configurations with various options. ```APIDOC ## Deprecated initializers - ``forClient(cipherSuites:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:certificateChain:privateKey:applicationProtocols:shutdownTimeout:keyLogCallback:)`` - ``forClient(cipherSuites:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:certificateChain:privateKey:applicationProtocols:shutdownTimeout:keyLogCallback:renegotiationSupport:)`` - ``forClient(cipherSuites:verifySignatureAlgorithms:signingSignatureAlgorithms:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:certificateChain:privateKey:applicationProtocols:shutdownTimeout:keyLogCallback:renegotiationSupport:)`` ``` -------------------------------- ### Configure TLS for Post-Quantum Key Exchange Only Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/quantum-secure-tls.md Set the TLS configuration to use only the post-quantum key exchange curve. This ensures that all key establishment is resistant to quantum computing attacks. ```swift tlsConfiguration.curves = [.x25519_MLKEM768] ``` -------------------------------- ### Client TLS Configuration Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/index.md Configure a client for TLS connections. This basic client configuration does not require a certificate chain or private key. The TLSConfiguration is used to create a NIOSSLContext, which initializes the NIOSSLClientHandler. Ensure the handler is added within the channelInitializer. ```swift let configuration = TLSConfiguration.makeClientConfiguration() let sslContext = try NIOSSLContext(configuration: configuration) let client = ClientBootstrap(group: group) .channelInitializer { channel in // important: The handler must be initialized _inside_ the `channelInitializer` let handler = try NIOSSLClientHandler(context: sslContext) [...] // Other channel setup channel.pipeline.addHandler(handler) [...] // More channel setup } ``` -------------------------------- ### Deprecated Server TLS Configuration Initializers Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Deprecated methods for creating server TLS configurations with various options. ```APIDOC - ``forServer(certificateChain:privateKey:cipherSuites:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:applicationProtocols:shutdownTimeout:keyLogCallback:)`` - ``forServer(certificateChain:privateKey:cipherSuites:verifySignatureAlgorithms:signingSignatureAlgorithms:minimumTLSVersion:maximumTLSVersion:certificateVerification:trustRoots:applicationProtocols:shutdownTimeout:keyLogCallback:)`` ``` -------------------------------- ### Configure Git Commit Template Source: https://github.com/apple/swift-nio-ssl/blob/main/CONTRIBUTING.md Command to configure Git to use the SwiftNIO commit message template. This ensures commit messages adhere to the project's standards. ```bash git config commit.template dev/git.commit.template ``` -------------------------------- ### Comparing and Hashing TLS Configurations Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Methods for comparing and hashing TLS configurations. ```APIDOC ## Comparing and Hashing TLS configurations - ``bestEffortEquals(_:)`` - ``bestEffortHash(into:)`` ``` -------------------------------- ### Inspecting Cipher Configurations Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Provides access to information about cipher suites, signature algorithms, and supported curves. ```APIDOC ## Inspecting configuration ciphers - ``cipherSuites`` - ``verifySignatureAlgorithms`` - ``signingSignatureAlgorithms`` - ``cipherSuiteValues`` - ``curves`` - ``additionalTrustRoots`` - ``sendCANameList`` ``` -------------------------------- ### Inspecting TLS Configuration Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/TLSConfiguration.md Allows inspection of various TLS settings such as minimum/maximum TLS versions, certificate verification, and application protocols. ```APIDOC ## Inspecting a configuration - ``minimumTLSVersion`` - ``maximumTLSVersion`` - ``certificateVerification`` - ``trustRoots`` - ``certificateChain`` - ``privateKey`` - ``applicationProtocols`` - ``shutdownTimeout`` - ``keyLogCallback`` - ``renegotiationSupport`` - ``sslContextCallback`` ``` -------------------------------- ### Configure TLS for Classical Key Exchange Only Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/quantum-secure-tls.md Set the TLS configuration to use only classical key exchange curves, disabling post-quantum cryptography. This is useful if post-quantum support is not required or causes compatibility issues. ```swift tlsConfiguration.curves = [.x25519, .secp256r1, .secp384r1] ``` -------------------------------- ### View System Certificate Validation Logs Source: https://github.com/apple/swift-nio-ssl/blob/main/Sources/NIOSSL/Docs.docc/trust-roots-behavior.md Use this command on macOS/iOS to view detailed certificate validation errors from the system's security subsystem. This can help diagnose issues related to certificate formatting, missing extensions, or chain validation problems. ```bash log show --predicate 'subsystem == "com.apple.security"' --last 1m ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.