COOLJAPAN

OxiTLS 0.2.0 — A Pure Rust TLS Transport Stack, No OpenSSL, No ring

OxiTLS is the COOLJAPAN Pure Rust TLS transport stack — a NoFFI replacement for OpenSSL, native-tls, and the ring / aws-lc-rs C-and-assembly crypto backends. TLS 1.3 and 1.2, mTLS, ALPN, session resumption, OCSP stapling, post-quantum key exchange, and a Pure-Rust CryptoProvider by default. The transport-security foundation under OxiHTTP, OxiQUIC, and OxiRPC.

Tags: release, oxitls, pure-rust, cooljapan, noffi, tls, security, networking, cryptography

The handshake is finally ours.

Today we’re releasing OxiTLS 0.2.0 — the COOLJAPAN-blessed Pure Rust TLS transport stack, providing TLS 1.2 and 1.3 client and server support with a Pure-Rust crypto provider wired in at the default-feature path.

No OpenSSL. No native-tls. No ring. No FFI. No -sys crates on the path you actually ship. Pure Rust, from the byte that hits the socket to the AEAD that protects it.

Why OxiTLS

TLS is the layer everything else trusts, and for most of the Rust ecosystem that trust still routes through C and hand-written assembly. The Phase 1 audit of oxigdal made the problem concrete: ring (C + assembly) leaks into every workspace that so much as touches the AWS / Azure / Google SDK chain, via aws-config → aws-smithy-runtime → hyper-rustls → rustls → ring. You did not choose that dependency. It arrived as a transitive guest, dragging a build-time C toolchain and an opaque assembly blob into a codebase you wanted to keep memory-safe and auditable.

OxiTLS is the ecosystem-wide remediation for that contamination. It is the transport-security foundation the rest of the stack — OxiHTTP, OxiQUIC, OxiRPC, and the OxiGDAL cloud crates — can build on without inheriting a native crypto backend. The default closure is 100% Pure Rust. The C-dependent paths still exist, but they are opt-in by design: separate crates you add deliberately when FIPS, raw throughput, or an HSM genuinely require them, never something that sneaks in transitively.
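The practical first step against that kind of transitive guest is to see exactly which line of your own Cargo.toml brings it in. The following is an added example, not code from OxiTLS or from this post: a std-only Rust program that walks the text printed by cargo tree --edges normal and reports every path from a declared dependency down to ring, then collapses those paths to the declared dependencies you would need to swap or audit. SAMPLE_TREE is a constructed listing that mirrors the aws-config chain above (the version numbers in it are placeholders), and paths_to, direct_deps_pulling and parse_line are names chosen for this example.

```rust
// Added example, not OxiTLS code: find which declared dependency pulls
// `ring` into a workspace by walking the text printed by
// `cargo tree --edges normal` (normal deps only, no build/dev edges).
// SAMPLE_TREE is constructed to mirror the chain from the post; the
// version numbers are placeholders.

/// A `cargo tree` listing as captured from stdout (constructed sample).
const SAMPLE_TREE: &str = r"myapp v0.1.0 (/work/myapp)
├── aws-config v1.0.0
│   └── aws-smithy-runtime v1.0.0
│       └── hyper-rustls v0.24.0
│           └── rustls v0.21.0
│               ├── ring v0.17.0
│               └── webpki v0.101.0
│                   └── ring v0.17.0 (*)
├── oxitls v0.2.0
│   └── oxitls-adapter-rustls-rustcrypto v0.2.0
└── serde v1.0.0
";

/// Strip the box-drawing prefix `cargo tree` draws ("├── ", "│   ", ...) and
/// return (depth, crate name). Each nesting level is four columns wide, so
/// the depth is the prefix length in chars divided by four.
fn parse_line(line: &str) -> Option<(usize, String)> {
    let prefix_chars = line
        .chars()
        .take_while(|c| matches!(c, '│' | '├' | '└' | '─' | ' '))
        .count();
    let byte_offset: usize = line.chars().take(prefix_chars).map(char::len_utf8).sum();
    // The first token after the prefix is the crate name; the rest is version/path.
    let name = line[byte_offset..].split_whitespace().next()?;
    Some((prefix_chars / 4, name.to_string()))
}

/// Every path from the workspace root down to `target`, rendered as
/// "dep -> dep -> ... -> target". The first element is the dependency you
/// actually declared in Cargo.toml; the root crate itself is omitted.
fn paths_to(tree: &str, target: &str) -> Vec<String> {
    let mut stack: Vec<String> = Vec::new(); // ancestors of the current line
    let mut found = Vec::new();
    for line in tree.lines() {
        let (depth, name) = match parse_line(line) {
            Some(parsed) => parsed,
            None => continue, // blank line
        };
        stack.truncate(depth);
        stack.push(name.clone());
        if name == target && stack.len() > 1 {
            found.push(stack[1..].join(" -> "));
        }
    }
    found
}

/// Unique declared dependencies responsible for pulling in `target`.
fn direct_deps_pulling(tree: &str, target: &str) -> Vec<String> {
    let mut direct: Vec<String> = paths_to(tree, target)
        .iter()
        .filter_map(|p| p.split(" -> ").next().map(str::to_string))
        .collect();
    direct.sort();
    direct.dedup();
    direct
}

fn main() {
    // In practice: `cargo tree --edges normal > tree.txt` and read that file.
    for path in paths_to(SAMPLE_TREE, "ring") {
        println!("ring via: {path}");
    }
    println!(
        "declared deps to replace or audit: {:?}",
        direct_deps_pulling(SAMPLE_TREE, "ring")
    );
}
```

On the constructed tree this reports one declared dependency, aws-config, as the source of both ring edges; oxitls and its RustCrypto provider contribute none. Run it against real cargo tree output before and after swapping a dependency to confirm the C-backed crate is actually gone from the normal-dependency closure.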

What we built

OxiTLS is not a from-scratch reimplementation of the TLS protocol. It is a carefully composed stack that wires a Pure-Rust CryptoProvider into a proven protocol engine, then quarantines every remaining FFI surface behind its own crate. The work lives across ten subcrates:

1. Core (oxitls-core) The shared traits and types, plus the OsRng adapter that bridges a getrandom-backed RNG into the RustCrypto signature and KEX primitives. Default crate.

2. Pure-Rust provider (oxitls-adapter-rustls-rustcrypto) The default CryptoProvider, backed by RustCrypto. This is the piece that replaces ring on the normal dependency edge — the AEADs, hashes, MACs, signatures, and key exchange that drive the handshake, all in Rust. Default crate.

3. Root store (oxitls-webpki-roots) The trust anchor store and intermediate-certificate cache. In 0.2.0 this crate is Mozilla-roots-only, with an LRU intermediate cache, fingerprint-based filtering / merging / exclusion, and support for expiring roots. Default crate.

4. OS-native certificates (oxitls-native-certs) A dedicated quarantine crate for reading the operating system’s certificate store — Security.framework on macOS, SChannel on Windows, a PEM bundle on Linux. This is the only place OS-native FFI lives, isolated so the default path stays pure. Opt-in; add it directly when you need to trust the platform store.

5. High-level facade (oxitls) ClientBuilder and ServerBuilder — the ergonomic front door for everyday client and server TLS.

6. HTTP/2 (oxitls-h2) Optional layer for HTTP/2 over TLS with a generic stream type.

7. Certificate generation (oxitls-rcgen) Optional layer for Pure-Rust X.509 certificate generation.

8. aws-lc-rs adapter (oxitls-adapter-aws-lc) Opt-in FFI adapter for FIPS and high-throughput deployments. A standalone crate with bounded FFI: never a facade feature, never in the default closure.

9. PKCS#11 adapter (oxitls-adapter-pkcs11) Opt-in FFI adapter for HSM / TPM-backed keys, under the same rule: standalone, bounded FFI, never in the default closure.

10. Benchmark harness (oxitls-bench) The benchmark harness for the stack.

The cryptographic primitives themselves — AEAD, hash, MAC, signature, key exchange, RNG — come from oxicrypto, the COOLJAPAN crypto library, keeping the algorithm implementations in one auditable place.

Getting Started

cargo add oxitls

A minimal async TLS client:

use oxitls::{ClientBuilder, TlsError};

#[tokio::main]
async fn main() -> Result<(), TlsError> {
    // server_name is the name sent in SNI and checked against the certificate;
    // keep it in sync with the host you connect to.
    let stream = ClientBuilder::new()
        .server_name("example.com")
        .connect("example.com:443")
        .await?;
    // `stream` now carries the established TLS session.
    Ok(())
}

And the server side, with ALPN negotiation:

use oxitls::{ServerBuilder, TlsError};

#[tokio::main]
async fn main() -> Result<(), TlsError> {
    // cert_pem / key_pem: the PEM-encoded certificate chain and private key,
    // loaded by the caller before this point.
    let acceptor = ServerBuilder::new()
        .with_cert_pem(cert_pem, key_pem)?
        // Offer h2 first; a client that only speaks HTTP/1.1 still negotiates.
        .with_alpn(&["h2", "http/1.1"])
        .build()?;
    // Hand `acceptor` to the listener loop to wrap each accepted TCP stream.
    Ok(())
}

Need certificates for local development? Enable the rcgen feature and generate them in Pure Rust:

use oxitls_rcgen::{generate_ca, generate_self_signed_ed25519, SigningAlgorithm};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Self-signed Ed25519 leaf for local development, with both names in the SAN list.
    let leaf = generate_self_signed_ed25519(&["localhost", "127.0.0.1"])?;
    // A private root CA with an ECDSA P-256 signing key.
    let ca = generate_ca("My Root CA", SigningAlgorithm::EcdsaP256)?;
    // `leaf` and `ca` are now ready to be written out or handed to ServerBuilder.
    Ok(())
}

Highlights

Capabilities on the Pure-Rust default path:

Certificate generation (oxitls-rcgen) covers Ed25519, ECDSA-P256, ECDSA-P384, RSA-2048, and RSA-4096 key pairs; self-signed, CA-signed, and intermediate CA certificates; CSR generation and signing; PKCS#12 (PFX) export; and X.509 extensions including SAN, EKU, name constraints, CRL distribution points, AIA/OCSP URLs, plus SubjectKeyIdentifier and AuthorityKeyIdentifier computation.
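The last two items in that list, SubjectKeyIdentifier and AuthorityKeyIdentifier computation, are worth seeing concretely, because the AKI of a certificate is how a path builder picks the right issuer before any signature is checked. The block below is an added example written for this page, not code from oxitls-rcgen: it implements the RFC 5280 section 4.2.1.2 key-identifier methods with an inline std-only SHA-1 so it runs without any crates. The public keys are constructed byte arrays standing in for raw Ed25519 keys, and subject_key_identifier, subject_key_identifier_short, authority_key_identifier and aki_names_issuer are names chosen here.

```rust
// Added example, not oxitls-rcgen code: the RFC 5280 §4.2.1.2 key-identifier
// rules behind the SubjectKeyIdentifier / AuthorityKeyIdentifier extensions,
// with a std-only SHA-1 so it runs without any crates. The public keys are
// constructed byte arrays standing in for raw Ed25519 keys.

/// SHA-1 (FIPS 180-4). Acceptable here only as a key-identifier hash; it is
/// not a collision-resistant choice for signatures, and key identifiers are
/// never a substitute for verifying the issuer's signature over the leaf.
fn sha1(data: &[u8]) -> [u8; 20] {
    let mut h: [u32; 5] = [0x6745_2301, 0xEFCD_AB89, 0x98BA_DCFE, 0x1032_5476, 0xC3D2_E1F0];
    // Padding: 0x80, zeros until length ≡ 56 mod 64, then the bit length big-endian.
    let mut msg = data.to_vec();
    msg.push(0x80);
    while msg.len() % 64 != 56 {
        msg.push(0);
    }
    msg.extend_from_slice(&((data.len() as u64) * 8).to_be_bytes());
    for block in msg.chunks_exact(64) {
        let mut w = [0u32; 80];
        for (i, word) in block.chunks_exact(4).enumerate() {
            w[i] = u32::from_be_bytes([word[0], word[1], word[2], word[3]]);
        }
        for i in 16..80 {
            w[i] = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]).rotate_left(1);
        }
        let (mut a, mut b, mut c, mut d, mut e) = (h[0], h[1], h[2], h[3], h[4]);
        for (i, &wi) in w.iter().enumerate() {
            let (f, k) = match i {
                0..=19 => ((b & c) | (!b & d), 0x5A82_7999),
                20..=39 => (b ^ c ^ d, 0x6ED9_EBA1),
                40..=59 => ((b & c) | (b & d) | (c & d), 0x8F1B_BCDC),
                _ => (b ^ c ^ d, 0xCA62_C1D6),
            };
            let t = a.rotate_left(5).wrapping_add(f).wrapping_add(e).wrapping_add(k).wrapping_add(wi);
            e = d;
            d = c;
            c = b.rotate_left(30);
            b = a;
            a = t;
        }
        for (hi, v) in h.iter_mut().zip([a, b, c, d, e]) {
            *hi = hi.wrapping_add(v);
        }
    }
    let mut out = [0u8; 20];
    for (chunk, v) in out.chunks_exact_mut(4).zip(h) {
        chunk.copy_from_slice(&v.to_be_bytes());
    }
    out
}

fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{b:02x}")).collect()
}

/// SubjectKeyIdentifier, method (1): SHA-1 over the value of the
/// subjectPublicKey BIT STRING (tag, length and unused-bits byte excluded).
/// For Ed25519 that value is simply the 32 raw key bytes.
fn subject_key_identifier(subject_public_key: &[u8]) -> Vec<u8> {
    sha1(subject_public_key).to_vec()
}

/// Method (2): the four bits 0100 followed by the low 60 bits of the SHA-1,
/// giving an 8-byte identifier.
fn subject_key_identifier_short(subject_public_key: &[u8]) -> Vec<u8> {
    let h = sha1(subject_public_key);
    let mut id = h[12..].to_vec();
    id[0] = 0x40 | (id[0] & 0x0F);
    id
}

/// AuthorityKeyIdentifier.keyIdentifier (§4.2.1.1) must equal the issuer's
/// SKI, so a certificate signed by `issuer_public_key` carries this value.
fn authority_key_identifier(issuer_public_key: &[u8]) -> Vec<u8> {
    subject_key_identifier(issuer_public_key)
}

/// Path-building hint: does `leaf_aki` name this candidate issuer key?
/// A match selects which issuer to try; the signature still has to verify.
fn aki_names_issuer(leaf_aki: &[u8], candidate_issuer_key: &[u8]) -> bool {
    leaf_aki == subject_key_identifier(candidate_issuer_key).as_slice()
}

fn main() {
    let ca_key = [0x11u8; 32]; // constructed stand-in for the CA's raw Ed25519 key
    let leaf_key = [0x22u8; 32]; // constructed stand-in for the leaf's key
    let leaf_aki = authority_key_identifier(&ca_key);
    println!("CA SKI:   {}", hex(&subject_key_identifier(&ca_key)));
    println!("leaf SKI: {}", hex(&subject_key_identifier(&leaf_key)));
    println!("leaf AKI: {}", hex(&leaf_aki));
    println!("AKI names CA key: {}", aki_names_issuer(&leaf_aki, &ca_key));
}
```

For RSA or ECDSA keys the hashed input is the DER-encoded key value inside the BIT STRING rather than raw bytes, but the rule is the same: the leaf's AKI is a pointer to the issuer's SKI, nothing more. A mismatched AKI makes path building fail early, while a matching one proves nothing about authenticity until the signature is verified.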

Tips

A note on framing: OxiTLS composes well-known Pure-Rust anchors — rustls as the protocol engine, rustls-rustcrypto as the provider, rustls-webpki for path validation, rustls-pki-types for typed certificate and key representations — and wires OxiCrypto primitives beneath them. We make no formal-audit or certification claims for the default Pure-Rust path; the FIPS story lives specifically in the opt-in aws-lc-rs adapter. The security value here is sovereignty and auditability: a memory-safe stack with a small, explicit FFI surface you control.

Part of the COOLJAPAN ecosystem

OxiTLS belongs to NoFFI — the COOLJAPAN initiative to replace every C / C++ / Fortran / -sys FFI dependency in the Rust ecosystem with a clean, memory-safe, 100% Pure Rust implementation. With default features the build is Pure Rust: a single static binary with no system libraries and no build-time C toolchain.

It is the transport-security layer beneath the rest of the family. OxiTLS depends on oxicrypto for its cryptographic primitives, and in turn is depended on by oxigdal-cloud, oxigdal-gateway, oxigdal-websocket, oximedia-cloud, oxirouter, oxirag, oxigenai, oxillama, and oxirs — the cloud, gateway, routing, and AI crates that all need TLS they can trust without inheriting a native backend.

Repository: https://github.com/cool-japan/oxitls

Star the repo 🔒 if you want a future where the most security-critical layer of your stack is memory-safe and FFI-free by default.

Pure Rust TLS — sovereign, safe, and FFI-free.

KitaSan at COOLJAPAN OÜ, June 22, 2026
