Post

Replies

Boosts

Views

Activity

NWProtocolTLS.Options init() supported default cipher suites iOS 13 ?
Hello,I have a local WebSocket server running inside an iOS app on iOS 13+. I'm using Swift NIO Transport Services for the server.I'm using NWProtocolTLS.Options from Network framework to specify TLS options for my server.I am providing my server as an XCFramework and want to let users to be able to specify different parameters when launching the server.For specifiying the TLS supported version, everything is working fine by using :public func sec_protocol_options_set_max_tls_protocol_version(_ options: sec_protocol_options_t, _ version: tls_protocol_version_t) public func sec_protocol_options_set_min_tls_protocol_version(_ options: sec_protocol_options_t, _ version: tls_protocol_version_t)But I also want to be able to specify some cipher suites. I saw that I can use :public func sec_protocol_options_append_tls_ciphersuite(_ options: sec_protocol_options_t, _ ciphersuite: tls_ciphersuite_t)But it seems that some cipher suites are enabled by default and I can't restrict the cipher suites just to the ones I want, I can just append others.NWProtocolTLS.Options class has an init() function which states "Initializes a default set of TLS connection options" on Apple documentation.So my question is, is there a way to know what TLS parameters this initialization does ? Especially the list of cipher suites enabled by default ? Because I can't find any information about it from my research. I used a tool to test handshake with my server to discover the cipher suites supported and enabled by default but I don't think it is a good way to be sure about this information.And is there a way to specify only cipher suites I want to be supported by my server by using NWProtocolTLS.Options ?Thank you in advance,Christophe
9
0
1.7k
May ’20
libc++ list.h broken error Xcode 13.3 macOS Monterey 12.3.1
Hi, I am using, inside my Xcode project, the snacc library (https://github.com/nevali/snacc) which uses the libc++ which comes with Xcode. I'm using Xcode 13.3 (13E113) on macOS Monterey 12.3.1. The compilation with the Xcode command-line tool fails with these errors: In file included from /Users/idplug-middleware/Work/idplug-ios-generic-api/idplug-classic/external_sdks/snacc/src/inc/asn-buf.h:12: /Applications/Xcode13.3.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.4.sdk/usr/include/c++/v1/list:1164:11: error: use of undeclared identifier '_A' list<_Tp, _A*lloc>::__link_nodes(__link_pointer __p, __link_pointer __f, __link_pointer __l)           ^ /Applications/Xcode13.3.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.4.sdk/usr/include/c++/v1/list:1164:14: error: use of undeclared identifier 'lloc' list<_Tp, _A*lloc>::__link_nodes(__link_pointer __p, __link_pointer __f, __link_pointer __l)              ^ /Applications/Xcode13.3.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.4.sdk/usr/include/c++/v1/list:1164:34: error: unknown type name '__link_pointer' list<_Tp, _A*lloc>::__link_nodes(__link_pointer __p, __link_pointer __f, __link_pointer __l)                                  ^ /Applications/Xcode13.3.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.4.sdk/usr/include/c++/v1/list:1164:54: error: unknown type name '__link_pointer' list<_Tp, _A*lloc>::__link_nodes(__link_pointer __p, __link_pointer __f, __link_pointer __l)                                                      ^ /Applications/Xcode13.3.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.4.sdk/usr/include/c++/v1/list:1164:74: error: unknown type name '__link_pointer' list<_Tp, _A*lloc>::__link_nodes(__link_pointer __p, __link_pointer __f, __link_pointer __l) Is there anything wrong with the libc++ library that comes with Xcode 13.3 ? Or am I doing something wrong ? I have never had this issue before with older versions of Xcode or macOS. Thank you. Christophe
1
0
1k
Apr ’22
Add self-signed root certificate into iOS app
Hello, I have a WebSocket server running locally on 127.0.0.1 inside my iOS app using SwiftNIO Transport Services. This WebSocket server is using a certificate with 127.0.0.1 name signed by a custom root certificate which is self-signed (so not trusted by default). Inside my app, I open a WKWebView and some JavaScript inside the webpage I navigate to is able to connect to my server with WebSocket secure protocol (wss) to send JSON formatted command to be executed natively in the app and send back a response. The javascript client library is based on universal-websocket-client npm library which is based on the native WebSocket Web API of the browser. I control also this library. In order for this to work, I have to install manually the profile of the root certificate and to trust it explicitly in the settings. I would like to avoid having the user to manually make an action to trust this certificate because perhaps I'd like to put my app at the end in the App Store. I don't need this certificate to be trusted for the whole device, just for my app. Is there any option that I have to do so ? For example by prompting the user inside the app to trust the root or even doing it silently for the user ? Perhaps by adding the custom root CA into the keychain ? I tried to look at having a certificate signed by a known CA but for 127.0.0.1, I guess it's not possible. I tried also to look at the trust evaluation but I'm the server, not the client. And on the javascript side, using the native WebSocket API, it seems that I cannot supplement with my custom CA when making the connection or override the trust evaluation. Or can I ? Thank you in advance for any help. Christophe
3
0
2k
Mar ’21