How does one set SSL ciphers when using CFSocket/CFStream in Cocoa?

渐次进展 2021-02-09 02:54

I recently needed to configure CocoaHttpServer, which we're using in our application with success, to handle HTTPS connections coming from a client application (running on Andr

2 Answers
  •  迷失自我
    2021-02-09 03:26

    Please note that there are different ciphers that can be chosen - I chose to use the same one as our Windows implementation for consistency.

    With information from another question mentioned above, I figured out how to set the cipher for CFSocket to use the same as Windows, and the code appears to be now quite a bit better - like it really works! CFSocket isn't directly exposing the SecureTransport support, which makes this kind of hard, but defining a particular key makes it work nicely.

    For posterity, here's the code I've added to -onSocketWillConnect: in our HTTPConnection class:

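    // Needed for SSLContextRef, SSLCipherSuite and SSLSetEnabledCiphers
    #import <Security/SecureTransport.h>

    // define this value; it isn't exposed by CFSocketStream.h
    extern const CFStringRef kCFStreamPropertySocketSSLContext;

    ...

    CFReadStreamRef stream = [sock getCFReadStream];
    // Copy rule: we own the returned CFData and must release it
    CFDataRef data = (CFDataRef) CFReadStreamCopyProperty(stream, kCFStreamPropertySocketSSLContext);
    if (data != NULL) {
        // Extract the SSLContextRef from the CFData
        SSLContextRef sslContext;
        CFDataGetBytes(data, CFRangeMake(0, sizeof(SSLContextRef)), (UInt8*)&sslContext);
        SSLCipherSuite *ciphers = (SSLCipherSuite *)malloc(1 * sizeof(SSLCipherSuite));
        if (ciphers != NULL) {
            ciphers[0] = SSL_RSA_WITH_RC4_128_MD5; // Basic cipher - not Diffie-Hellman
            OSStatus status = SSLSetEnabledCiphers(sslContext, ciphers, 1);
            if (status != noErr) {
                NSLog(@"SSLSetEnabledCiphers failed: %d", (int)status);
            }
            free(ciphers); // the list is not needed after the call
        }
        CFRelease(data);
    }
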

    I hope this helps anyone working through the same issue as I - I'd be happy to share some more code and advice if needed.
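
An added example, not part of the answer above or of CocoaHttpServer: one way to build the array passed to `SSLSetEnabledCiphers` from an allow-list rather than a single hard-coded suite, keeping only suites the stack reports as supported. RFC 7465 prohibits RC4 suites in TLS, so the hypothetical policy here leaves them out. `suite_t`, `kAllowed`, `select_suites` and the sample supported list are assumptions, with suites written as IANA code points so the file compiles without the Security framework.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for Secure Transport's SSLCipherSuite (assumption, so this builds
   anywhere). The values are the IANA TLS cipher-suite code points. */
typedef uint16_t suite_t;

enum {
    RSA_RC4_128_MD5       = 0x0004, /* SSL_RSA_WITH_RC4_128_MD5 (used in the answer) */
    RSA_AES_128_CBC_SHA   = 0x002F, /* TLS_RSA_WITH_AES_128_CBC_SHA */
    ECDHE_RSA_AES_128_GCM = 0xC02F, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */
    ECDHE_RSA_AES_256_GCM = 0xC030  /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */
};

/* Hypothetical policy: suites we are willing to enable, most preferred first. */
static const suite_t kAllowed[] = {
    ECDHE_RSA_AES_256_GCM, ECDHE_RSA_AES_128_GCM, RSA_AES_128_CBC_SHA
};
#define N_ALLOWED (sizeof kAllowed / sizeof kAllowed[0])

/* Copy into out[] every allowed suite that also appears in supported[],
   keeping policy order. out must hold n_allowed entries.
   Returns the number written; 0 means nothing acceptable can be enabled
   and the caller should refuse the connection instead of falling back. */
size_t select_suites(const suite_t *supported, size_t n_supported,
                     const suite_t *allowed, size_t n_allowed,
                     suite_t *out)
{
    size_t n_out = 0;
    for (size_t i = 0; i < n_allowed; i++) {
        for (size_t j = 0; j < n_supported; j++) {
            if (supported[j] == allowed[i]) {
                out[n_out++] = allowed[i];
                break; /* one copy even if supported[] repeats a suite */
            }
        }
    }
    return n_out;
}

/* Constructed sample of a list SSLGetSupportedCiphers() could report. */
static const suite_t kSampleSupported[] = {
    RSA_RC4_128_MD5, RSA_AES_128_CBC_SHA, ECDHE_RSA_AES_128_GCM
};

suite_t g_enabled[N_ALLOWED]; /* result buffer for the demo */

size_t demo_select(void)
{
    return select_suites(kSampleSupported, 3, kAllowed, N_ALLOWED, g_enabled);
}
```

In the real handler the supported list would come from `SSLGetNumberSupportedCiphers` and `SSLGetSupportedCiphers`, and the selected entries would be copied into an `SSLCipherSuite` array for `SSLSetEnabledCiphers`.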
