CODEWITHSUNDEEP
objective-cmacosnsstreamcfsocket
user2251650
user2251650

Reputation: 189

SSL and NSStream

I tried to use SSL in NSStream over CFSocket connection. So I write this code:

[self.input setProperty:NSStreamSocketSecurityLevelTLSv1 forKey:NSStreamSocketSecurityLevelKey];
[self.output setProperty:NSStreamSocketSecurityLevelTLSv1 forKey:NSStreamSocketSecurityLevelKey];

[self.input scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[self.output scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];

[self.input open];
[self.output open];

But if I send request to my server from curl or browser I have this error:

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

When I use this solution NSStream SSL on used socket I still have the same error.

How to configure stream to use ssl?

Upvotes: 2

Views: 980

Answers (1)

Jashugan
Jashugan

Reputation: 343

SSL/TLS comes with different versions. Maybe the server you are connecting to is not capable of communicating using TLS version 1. Try the value NSStreamSocketSecurityLevelNegotiatedSSL for forKey:NSStreamSocketSecurityLevelKey to get the highest possible version for your connection.

Furthermore try to set the properties for the SSL/TLS connection in this way

// Setting properties. Atm every certificate is accepted and no hostname will be checked
        NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
                                  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
                                  [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
                                  [NSNumber numberWithBool:NO],  kCFStreamSSLValidatesCertificateChain,
                                  kCFNull,kCFStreamSSLPeerName,
                                  nil];
        CFReadStreamSetProperty((CFReadStreamRef)_inputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
        CFWriteStreamSetProperty((CFWriteStreamRef)_outputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);

But keep in mind that there is not much authentication and protection against man-in-the-middle when you are using it this way. Try to play with the settings to deal with additional problems.

Furthermore post more code and try to connect to another server that is using https.

Upvotes: 2

Related Questions