Post

Replies

Boosts

Views

Activity

How to set DTLS protocol options?
Hi, I am unable to figure out how to set the tls protocol version. This is part of the code I am using:let tlsOptions = NWProtocolTLS.Options() sec_protocol_options_add_pre_shared_key(...) sec_protocol_options_add_tls_ciphersuite(tlsOptions.securityProtocolOptions, TLS_PSK_WITH_AES_128_GCM_SHA256) sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, tls_protocol_version_t.DTLSv12) let parameters = NWParameters(dtls: tlsOptions) connection = NWConnection(host: ..., port: NWEndpoint.Port(rawValue: 2100)!, using: parameters) connection.start(queue: .main)When I run this code I get the following log errors:2019-10-19 14:30:31.628250+0200 MyApp[4906:117290] [BoringSSL] boringssl_helper_tls_protocol_version_from_SSLProtocol(111) [C6:1][0x7fd33fc4d4f0] Unknown SSLProtocol version: 11 2019-10-19 14:30:31.649137+0200 MyApp[4906:117290] [BoringSSL] boringssl_context_handle_fatal_alert(1874) [C6:1][0x7fd33fc4d4f0] read alert, level: fatal, description: bad record mac 2019-10-19 14:30:31.650008+0200 MyApp[4906:117290] [BoringSSL] boringssl_session_handshake_error_print(111) [C6:1][0x7fd33fc4d4f0] 140546626918936:error:100003fc:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_RECORD_MAC:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl_Sim/boringssl-283.40.1/ssl/tls_record.cc:587:SSL alert number 20 2019-10-19 14:30:31.650105+0200 MyApp[4906:117290] [BoringSSL] nw_protocol_boringssl_handshake_negotiate_proceed(724) [C6:1][0x7fd33fc4d4f0] handshake failed at state 12288It appears that the tls protocol version is unknown (see first log line). This is the function I am using to set the version: https://developer.apple.com/documentation/security/3180218-sec_protocol_options_set_min_tlsI am using the `tls_protocol_version_t.DTLSv12` constant so why does this show an error? I was unable to find any documentation/samples using DTLS so I might be doing something wrong. Is this the correct way to use DTLS?
2
0
1.5k
Oct ’19