{"id":13511564,"url":"https://github.com/facebookincubator/fizz","last_synced_at":"2026-01-05T18:06:19.053Z","repository":{"id":38360928,"uuid":"89943162","full_name":"facebookincubator/fizz","owner":"facebookincubator","description":"C++14 implementation of the TLS-1.3 standard","archived":false,"fork":false,"pushed_at":"2025-05-13T16:37:26.000Z","size":9101,"stargazers_count":1164,"open_issues_count":39,"forks_count":163,"subscribers_count":45,"default_branch":"main","last_synced_at":"2025-05-13T17:48:36.199Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/facebookincubator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-05-01T16:55:30.000Z","updated_at":"2025-05-13T16:37:31.000Z","dependencies_parsed_at":"2023-09-25T23:35:46.566Z","dependency_job_id":"587813d1-fb16-4484-ba46-5f63cad20dbf","html_url":"https://github.com/facebookincubator/fizz","commit_stats":null,"previous_names":[],"tags_count":288,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/facebookincubator%2Ffizz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/facebookincubator%2Ffizz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/facebookincubator%2Ffizz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/facebookincubator%2Ffizz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/facebookincubator","download_url":"https://codeload.github.com/facebookincubator/fizz/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254010830,"owners_count":21999004,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T03:00:57.213Z","updated_at":"2026-01-05T18:06:18.980Z","avatar_url":"https://github.com/facebookincubator.png","language":"C++","readme":"\u003cp align=\"center\"\u003e\n  \u003cimg width=\"500\" height=\"216\" alt=\"Fizz\" src=\"logo2x.png\"\u003e\n\u003c/p\u003e\n\n[![Support Ukraine](https://img.shields.io/badge/Support-Ukraine-FFD500?style=flat\u0026labelColor=005BBB)](https://opensource.fb.com/support-ukraine)\n![linux](https://github.com/facebookincubator/fizz/workflows/linux/badge.svg?branch=main)\n![mac](https://github.com/facebookincubator/fizz/workflows/mac/badge.svg?branch=main)\n![windows](https://github.com/facebookincubator/fizz/workflows/windows/badge.svg?branch=main)\n\nFizz is a TLS 1.3 implementation.\n\nFizz currently supports TLS 1.3 drafts 28, 26 (both wire-compatible with the\nfinal specification), and 23. All major handshake modes are supported, including\nPSK resumption, early data, client authentication, and HelloRetryRequest.\n\nMore background and details are available on the\n[Facebook Code Blog](https://engineering.fb.com/2018/08/06/security/fizz/).\n\n## Dependencies\n\nFizz largely depends on three libraries: [folly](https://www.github.com/facebook/folly),\n[OpenSSL](https://www.openssl.org/), and [libsodium](https://github.com/jedisct1/libsodium).\n\n## Source Layout\n- `fizz/crypto`:   Cryptographic primitive implementations (most are wrapping\n                   OpenSSL or libsodium)\n- `fizz/record`:   TLS 1.3 record layer parsing\n- `fizz/protocol`: Common protocol code shared between client and server\n- `fizz/client`:   Client protocol implementation\n- `fizz/server`:   Server protocol implementation\n- `fizz/tool`:     Example CLI app source\n\n## Design\n\nThe core protocol implementations are in `ClientProtocol` and `ServerProtocol`.\n`FizzClientContext` and `FizzServerContext` provide configuration options.\n`FizzClient` and `FizzServer` (which both inherit from `FizzBase`) provide\napplications with an interface to interact with the state machine.\n`FizzClient`/`FizzServer` receives events from the application layer, invokes the\ncorrect event handler, and invokes the application `ActionVisitor` to process the\nactions.\n\n`AsyncFizzClient` and `AsyncFizzServer` provide implementations of the folly\n`AsyncTransportWrapper` interface. They own an underlying transport (for example\n`AsyncSocket`) and perform the TLS handshake and encrypt/decrypt application\ndata.\n\n## Features\n\nFizz has several important features needed from a modern TLS library.\n\n### Performance\n\nFizz supports scatter/gather IO by default via folly's IOBufs, and will encrypt\ndata in-place whenever possible, saving memcpys. Due to this and several\nother optimizations, we found in our load balancer benchmarks that Fizz has 10%\nhigher throughput than our prior SSL library which uses folly's\n[AsyncSSLSocket](https://github.com/facebook/folly/blob/master/folly/io/async/AsyncSSLSocket.h).\nFizz also consumes less memory per connection than AsyncSSLSocket.\n\n### Async by default\n\nFizz has asynchronous APIs to be able to offload functions like certificate\nsigning and ticket decryption. The API is based on folly's\n[Futures](https://github.com/facebook/folly/tree/master/folly/futures) for painless\nasync programming.\n\n### TLS features\n\nFizz supports APIs like exported keying material as well as zero-copy APIs\nneeded to use TLS in other protocols like QUIC.\n\n### Secure design abstractions\n\nFizz is built on a custom state machine which uses the power of the C++ type system\nto treat states and actions as types of their own. As the code changes, this allows us\nto catch invalid state transitions as compilation errors instead of runtime errors and\nhelps us move fast.\n\n## Sample Applications\n\nFizz includes an example program that showcases the basic client/server functionality\nsupported by Fizz. The binary is called `fizz` and it has similar usage to the\n`openssl` or `bssl` commands.\n\nFor example, to start a TLS server on port 443 with a specified cert:\n```sh\nfizz server -accept 443 -cert foo.pem -key foo.key\n```\n\nThen, on the same host, you can connect with:\n\n```sh\nfizz client -connect localhost:443\n```\n\nBoth ends will echo whatever data they receive and send any terminal input to the\npeer. Hitting CTRL+D on either end will terminate the connection.\n\nThe source code for this program can be found under `fizz/tool`.\n\n## Building\n\n### getdeps.py\n\ngetdeps.py is a script that many fbcode OSS projects use which will\nautomatically download dependencies for a project and build the project. This is\nwhat CI uses as its main entry point.\n\n```\npython3 build/fbcode_builder/getdeps.py --allow-system-packages build\n```\n\n### Manually\nFizz is a typical CMake project. In order to build Fizz, you must configure\nCMake such that Fizz's dependencies can be found (e.g. using the [`CMAKE_PREFIX_PATH`](https://cmake.org/cmake/help/latest/variable/CMAKE_PREFIX_PATH.html) variable)\n\nFor example:\n\n```\ncmake \\\n    -GNinja\n    -DCMAKE_PREFIX_PATH=/path/to/prefix \\\n    -DCMAKE_INSTALL_PREFIX=/path/to/prefix \\\n    -B/build/fizz \\\n    /path/to/checkout/fizz\n\ncmake --build /path/to/checkout/fizz\ncmake --install /atph/to/checkout/fizz\n```\n\n## Contributing\n\nWe'd love to have your help in making Fizz better. If you're interested, please\nread our guide to [guide to contributing](CONTRIBUTING.md)\n\n## License\nFizz is BSD licensed, as found in the LICENSE file.\n\n## Reporting and Fixing Security Issues\n\nPlease do not open GitHub issues or pull requests - this makes the problem\nimmediately visible to everyone, including malicious actors. Security issues in\nFizz can be safely reported via Facebook's Whitehat Bug Bounty program:\n\nhttps://www.facebook.com/whitehat\n\nFacebook's security team will triage your report and determine whether or not is\nit eligible for a bounty under our program.\n","funding_links":[],"categories":["C++","Popular Open Source Implementations of SSL/TLS"],"sub_categories":["Implementation Issues"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffacebookincubator%2Ffizz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffacebookincubator%2Ffizz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffacebookincubator%2Ffizz/lists"}