{"id":50304018,"url":"https://github.com/argenox/noxtls-rs","last_synced_at":"2026-05-28T15:00:30.538Z","repository":{"id":357286389,"uuid":"1236201059","full_name":"argenox/noxtls-rs","owner":"argenox","description":"NoxTLS Rust is a lightweight, high-performance embedded TLS library written in Rust and designed for secure communication in resource-constrained systems. Built for efficiency, portability, and modern security standards.","archived":false,"fork":false,"pushed_at":"2026-05-28T03:45:20.000Z","size":1528,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-05-28T05:20:36.981Z","etag":null,"topics":["cipher-algorithms","cipher-suit","cryptography","cryptography-api","dtls","openssl-alternative","rust","rust-library","tls","tls12","tls13"],"latest_commit_sha":null,"homepage":"https://noxtls.com","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/argenox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-12T03:19:50.000Z","updated_at":"2026-05-12T18:56:54.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/argenox/noxtls-rs","commit_stats":null,"previous_names":["argenox/noxtls-rs"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/argenox/noxtls-rs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argenox%2Fnoxtls-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argenox%2Fnoxtls-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argenox%2Fnoxtls-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argenox%2Fnoxtls-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/argenox","download_url":"https://codeload.github.com/argenox/noxtls-rs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/argenox%2Fnoxtls-rs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33613431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-28T02:00:06.440Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cipher-algorithms","cipher-suit","cryptography","cryptography-api","dtls","openssl-alternative","rust","rust-library","tls","tls12","tls13"],"created_at":"2026-05-28T15:00:18.171Z","updated_at":"2026-05-28T15:00:30.514Z","avatar_url":"https://github.com/argenox.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"docs/static/img/noxtls-rust-logo-256.webp\" alt=\"NoxTLS Rust\" width=\"200\" /\u003e\n\u003c/div\u003e\n\n# NoxTLS for Rust\n\n**A pure Rust TLS/DTLS workspace for embedded and host systems.**  \nBuilt for deterministic behavior, portable integrations, and modern cryptography.\n\n[![CI](https://github.com/argenox/noxtls-rs/actions/workflows/ci.yml/badge.svg)](https://github.com/argenox/noxtls-rs/actions/workflows/ci.yml)\n\n**Website:** https://noxtls.com  \n**Issues:** https://github.com/argenox/noxtls-rs/issues  \n\n## Why NoxTLS Rust?\n\nNoxTLS Rust is built for teams that need Rust-native TLS/DTLS support with predictable resource use.\n\n- Small and portable crate design\n- Deterministic crypto and protocol behavior\n- Embedded-friendly `no_std` + `alloc` support\n- Configurable transport adapters (`embedded-io`, `embedded-io-async`, `tokio`)\n- X.509 parsing, validation, and PEM tooling\n\n## Features and cryptography\n\n### Protocols (TLS / DTLS)\n\n- **TLS 1.3** and **DTLS 1.3** — handshake, record layer, resumption and early-data policy hooks, OCSP stapling support, and QUIC-style packet protection helpers for HTTP/3-style stacks.\n- **TLS 1.2** and **DTLS 1.2** — ECDHE-RSA with **AES-128-GCM** or **AES-256-GCM** (IANA `0xC02F` / `0xC030`).\n\n### Negotiated cipher suites\n\n| Protocol | Suites |\n|----------|--------|\n| TLS 1.3 / DTLS 1.3 | `TLS_AES_128_GCM_SHA256`, `TLS_AES_256_GCM_SHA384`, `TLS_CHACHA20_POLY1305_SHA256` |\n| TLS 1.2 / DTLS 1.2 | `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` |\n\n### Key exchange and signatures (TLS 1.3)\n\n- **Groups:** X25519, P-256 (secp256r1), ML-KEM-768 (standalone and hybrid with X25519).\n- **Signature algorithms:** ECDSA with P-256, RSA-PSS (SHA-256 / SHA-384), Ed25519, ML-DSA-65.\n\n### `noxtls-crypto` primitive suite\n\nThe **`noxtls-crypto`** crate supplies the underlying algorithms used by TLS and by tooling examples:\n\n- **Digests and KDF:** SHA-256 / SHA-384 / SHA-512, SHA-3, SHAKE-256, HMAC, HKDF, TLS 1.2 PRF helpers; SHA-1 where legacy verification requires it.\n- **Symmetric:** AES-GCM, ChaCha20-Poly1305, and additional AES / ARIA / Camellia modes (CBC, CCM, CTR, CFB, OFB, XTS, and more).\n- **Public-key:** RSA (OAEP, PKCS#1 v1.5, PSS), P-256 ECDH and ECDSA, X25519, Ed25519, ML-KEM, ML-DSA.\n- **Randomness:** HMAC-DRBG (SHA-256).\n\nLegacy or hazardous algorithms (for example **DES**, **RC4**, **X448**, and some relaxed RSA key-generation paths) are gated behind the **`hazardous-legacy-crypto`** Cargo feature and are off by default.\n\n### Certificates and PKIX\n\n- **`noxtls-x509`** — X.509 parsing, chain validation, hostname checks, CSR and CRL handling (see `examples/` for PEM/DER workflows).\n- **`noxtls-pem`** — PEM envelope encoding and decoding shared across the stack.\n\n### Optional integrations\n\n- **`provider-psa`** — offload signing, decryption, derivation, and AEAD to a PSA-style backend while keeping the same protocol API.\n- **Transport adapters** — `embedded-io`, `embedded-io-async`, and **Tokio** (`noxtls-io`, enabled from `noxtls`).\n\n## Getting started\n\n### Use `noxtls` from crates.io\n\nThe **[`noxtls`](https://crates.io/crates/noxtls)** crate is published on [crates.io](https://crates.io/). Browse the API on **[docs.rs/noxtls](https://docs.rs/noxtls)**.\n\nAdd it to your project:\n\n```powershell\ncargo add noxtls\n```\n\nOr pin a version in `Cargo.toml` (use the version you intend to ship against; this repository’s workspace is currently **0.2.12**):\n\n```toml\n[dependencies]\nnoxtls = \"0.2.12\"\n```\n\n**Defaults:** the crate enables `std` and `alloc` by default for typical host applications. For `no_std` builds, disable default features and opt in explicitly:\n\n```toml\n[dependencies]\nnoxtls = { version = \"0.2.12\", default-features = false, features = [\"alloc\"] }\n```\n\n**Common Cargo features** (see `crates/noxtls/Cargo.toml` for the complete list):\n\n| Feature | Purpose |\n|---------|---------|\n| `adapter-tokio` | Tokio transport adapter |\n| `adapter-embedded-io` | Blocking `embedded-io` adapter |\n| `adapter-embedded-io-async` | Async `embedded-io-async` adapter |\n| `provider-psa` | PSA crypto backend |\n| `hazardous-legacy-crypto` | Legacy algorithms (off by default) |\n\nImport protocol types from the crate root, for example:\n\n```rust\nuse noxtls::{Connection, TlsVersion, CipherSuite};\n```\n\nFor end-to-end TLS/DTLS and certificate examples, use this repo’s `examples/` (below) and the hosted guides at **[rsdocs.noxtls.com](https://rsdocs.noxtls.com)**.\n\n### Clone this repository\n\n```powershell\ngit clone https://github.com/argenox/noxtls-rs.git\ncd noxtls-rs\n```\n\n### Build and test\n\n```powershell\ncargo check --workspace\ncargo test --workspace\n```\n\n### Run examples (from a clone)\n\n```powershell\ncargo run -p noxtls --example tls_client\ncargo run -p noxtls --example parse_certificate\ncargo run -p noxtls --example noxtls-rs -- dgst --alg sha256 --text \"hello\"\n```\n\nSee `examples/README.md` for the full command list.\n\n## Workspace crates\n\nCrates in `crates/`:\n\n| Crate | Role |\n|-------|------|\n| `noxtls` | User-facing TLS/DTLS protocol and connection API |\n| `noxtls-core` | Shared error, profile, and utility primitives |\n| `noxtls-crypto` | Hash, MAC/HKDF, symmetric ciphers, PKC, and DRBG |\n| `noxtls-pem` | PEM encoding/decoding helpers |\n| `noxtls-x509` | ASN.1/DER, certificate handling, and validation |\n| `noxtls-io` | Transport traits and blocking/async adapters |\n| `noxtls-platform` | Platform time hooks (extensible for RNG/storage) |\n| `noxtls-test` | Demo binaries and internal test helpers (workspace-only, not on crates.io) |\n\n## Documentation\n\n- Docs site: https://rsdocs.noxtls.com\n- Local docs server:\n\n```powershell\ncd docs\nnpm install\nnpm run docs:sync\nnpm run start\n```\n\n- **Versioned docs (like NoxTLS C):** snapshots live under `docs/versioned_docs/version-*` and are listed in `docs/versions.json`. When you ship a release, add an entry to `docs/changelog.json`, then from `docs/` run `npm run docs:snapshot -- X.Y.Z` (runs `docs:sync` then `docusaurus docs:version X.Y.Z`). Commit the updated `versioned_docs/`, `versioned_sidebars/`, and `versions.json`. Set `lastVersion` in `docs/docusaurus.config.js` to the newest published doc version.\n\n- Record-layer integration notes: `docs/TLS13_RECORD_POLICY.md`\n- DTLS policy knobs: `docs/DTLS13_OPERATIONAL_POLICY.md`\n\n## Formatting and linting\n\n```powershell\ncargo fmt --all\ncargo clippy --workspace --all-targets\n```\n\n## Local validation\n\nRun the full local gate that mirrors CI, release/docs consistency checks, `thumbv6m-none-eabi` Embassy-oriented checks, and the Docusaurus build:\n\n```powershell\n./scripts/validate-local.ps1\n```\n\nOn Unix-like shells:\n\n```bash\n./scripts/validate-local.sh\n```\n\nUseful flags:\n\n- `-SkipDocs` / `--skip-docs` skips the Docusaurus install/build steps.\n- `-SkipThumbv6m` / `--skip-thumbv6m` skips embedded target checks when the target is not installed locally.\n- `-SkipTests` / `--skip-tests` skips `cargo test --workspace`.\n- `-FreshDocsInstall` / `--fresh-docs-install` forces `npm ci` before the docs build.\n\n## Licensing\n\nThis project follows a dual-license model:\n\n- GPLv2 for open-source usage\n- Commercial license for proprietary usage\n\nSee `LICENSE.md` and `COPYING.md`.  \nCommercial licensing: `info@argenox.com`.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fargenox%2Fnoxtls-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fargenox%2Fnoxtls-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fargenox%2Fnoxtls-rs/lists"}