How does one set SSL ciphers when using CFSocket/CFStream in Cocoa?

Question

I recently needed to configure CocoaHttpServer, which we\'re using in our application with success, to handle HTTPS connections coming from a client application (running on Andr

Answer 1

For what it's worth, I contributed a patch to CocoaAsyncSocket about a week before you had this issue. Sorry that I didn't notice your question back then. :-)

Answer 2

Please note that there are different ciphers that can be chosen - I chose to use the same one as our Windows implementation for consistency.

With information from another question mentioned above, I figured out how to set the cipher for CFSocket to use the same as Windows, and the code appears to be now quite a bit better - like it really works! CFSocket isn't directly exposing the SecureTransport support, which makes this kind of hard, but defining a particular key makes it work nicely.

For posterity, here's the code I've added to -onSocketWillConnect: in our HTTPConnection class:

// define this value; it isn't exposed by CFSocketStream.h
const extern CFStringRef kCFStreamPropertySocketSSLContext;

...

CFReadStreamRef stream = [sock getCFReadStream];
CFDataRef data = (CFDataRef) CFReadStreamCopyProperty(stream, kCFStreamPropertySocketSSLContext);

// Extract the SSLContextRef from the CFData
SSLContextRef sslContext;
CFDataGetBytes(data, CFRangeMake(0, sizeof(SSLContextRef)), (UInt8*)&sslContext);
SSLCipherSuite *ciphers = (SSLCipherSuite *)malloc(1 * sizeof(SSLCipherSuite));
ciphers[0] = SSL_RSA_WITH_RC4_128_MD5; // Basic cipher - not Diffie-Hellman
SSLSetEnabledCiphers(sslContext, ciphers, 1);

I hope this helps anyone working through the same issue as I - I'd be happy to share some more code and advice if needed.