Use rustls for Swift to support TLS 1.3 #3113

Closed
wants to merge 4 commits into from

Commits on Feb 8, 2024

  1. Use rustls for Swift to support TLS 1.3

    Currently Element X iOS does not support TLS 1.3; this PR shall fix that.
    
    Explanation:
    
    There is an official recommendation from Apple, that boils down to the
    following if you use cross-platform code with sockets (as we do with the rust sdk):
    
    > To use TLS in that case [BSD Sockets], add your own TLS implementation.
    
    > Don’t use Secure Transport for your TLS implementation. It’s been deprecated since 2019
    > and doesn’t support TLS 1.3. If you have existing code that uses Secure Transport, make
    > a plan to migrate off it.
    
    Modern TLS implementations including TLS 1.3 on macOS are only available as a builtin
    via the Apple-specific URLSession / Network framework APIs, so APIs where you feed in
    a URL and get the response back. They are not available in combination with a generic
    sockets-based cross-platform code.
    
    With that in mind, there is currently no hope that rust-native-tls would support TLS 1.3
    in the foreseeable future as there is simply no native TLS implementation in current
    macOS/iOS that could be used by rust-native-tls.
    
    See https://developer.apple.com/documentation/technotes/tn3151-choosing-the-right-networking-api#TLS-best-practices
    
    Fixes: element-hq/element-x-ios#786
    Signed-off-by: Christoph Settgast <csett86_git@quicksands.de>
    csett86 committed Feb 8, 2024
    f49b97c
  2. 08159e0
  3. ffi: Make TLS backend configurable

    … but make rustls the default, which is much more useful for
    cross-compilation.
    jplatte committed Feb 8, 2024
    06a18a7
  4. Allow both native-tls and rustls-tls to be enabled at the same time

    … primarily for development.
    jplatte committed Feb 8, 2024
    75e8fd8