Seems like they use BoringSSL on their open source distributions, but their own library on their own platforms: https://forums.swift.org/t/native-implementations-and-boring...

CryptoKit isn't relevant to `goto fail`, which was the origin of this thread, given CryptoKit merely implements primitives and not TLS.

If you really are doubting what gets used for TLS, open up Console.app, start streaming, run `nscurl https://example.com/` (or load it in Safari, etc.), and you'll see logging like:

    default com.apple.network boringssl 18:11:46.229209-0700 libboringssl.dylib nscurl boringssl_session_apply_protocol_options_for_transport_block_invoke(2360) [C1.1.1.1:2][0x1008cef10] TLS configured [server(0) min_version(0x0303) max_version(0x0304) name(redacted) tickets(false) false_start(false) enforce_ev(false) enforce_ats(false) ats_non_pfs_ciphersuite_allowed(false) cc_mode_enforced(false) ech(false) pqtls(true), pake(false)]

iOS Safari definitely used BoringSSL last time I checked it with Frida