Using SSLSetEnabledCiphers with AFNetworking to disable weak ciphers

Question

I am trying to disable some ciphers (weak) such as single DES, single DES 40 bit etc.

I\'ve tried using this bit of code from How does one set SSL ciphers when using CF

Answer 1

Using SSLSetEnabledCiphers with AFNetworking to disable weak ciphers

OK, this one piqued my interest because its something I do in other languages, but not Cocoa/CocoaTouch. Its been on my TODO list for some time. The answer is you can't do it when working with the high level objects like NSURLConnection.

I could not find a way to bridge the gap between NSURLConnection and friends and the low level stuff needed to set the cipher suits. If you are interested, the "highest" the low level stuff goes is CFSocketStream. So the job is to get NSURLConnection to work with a CFSocketStream (or access the CFSocketStream in the NSURLConnection).

I also mirrored your question on Apple's Network Programming mailing list, and both Jens and Quinn confirmed it (Quinn provided the info on CFSocketStream). See Configure socket used by NSURLConnection?.

Also, in case you did not realize it, attempting to modify the properties in -connection:didReceiveAuthenticationChallenge: is too late. By the time you get the authentication challenge, the handshake is already in progress (i.e., the ClientHello has already been sent).

If you do manage to find a hack to do it, then please post it.