Implementing starttls with Network.framework
This is what we have implemented. It works so far, but it is far from optimal.
1. Open a raw client connection (which I'll call RCC) that connects to the remote without TLS.
2. Speak to the remote whatever protocol you need with RCC, until you need TLS.
3. Create a listener that listens on "127.0.0.1" port "0" (it will select a free port).
4. Only accept the first connection to that listener (which I'll call BLC for "bridge listener connection").
5. Bridge everything from BLC to RCC and from RCC to BLC.
6. Get the port P used by the listener (with nw_listener_get_port).
7. Open a secure client connection (which I'll call SCC) on port P with TLS enabled (but you need to set sec_protocol_options_set_peer_authentication_required(secOptions, false) on its security options).
8. Speak to the remote whatever protocol over TLS you need with SCC.
SCC <-----> BLC <-----> RCC
      tls         raw
We do know that disabling authentication on security options does lower TLS security significantly, but at least it's working.
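The loopback bridge described above, written up as an added Swift example (not code from the original post). The class name, the `upgrade` signature and the "mail.example.com" placeholder are assumptions; the one deliberate difference from the steps above is that instead of disabling peer authentication on SCC, it passes the real server name to `sec_protocol_options_set_tls_server_name`, so the certificate is still verified against the remote host (and SNI is still sent) even though the TCP peer is 127.0.0.1.

```swift
import Foundation
import Network

// Added illustration of the RCC <-> BLC <-> SCC bridge, not the original poster's code.
// Peer authentication stays at its default (required); only the name to verify changes.
final class StartTLSBridge {
    private let queue = DispatchQueue(label: "starttls.bridge")
    private var listener: NWListener?
    private var blc: NWConnection?

    /// `raw` is the RCC, already past the plaintext STARTTLS exchange;
    /// `serverName` is the real remote host ("mail.example.com" is a placeholder).
    func upgrade(raw: NWConnection, serverName: String,
                 completion: @escaping (Result<NWConnection, Error>) -> Void) {
        let listener: NWListener
        do {
            let params = NWParameters.tcp
            params.requiredInterfaceType = .loopback        // never reachable off-host
            listener = try NWListener(using: params, on: .any)  // port 0: free port
        } catch { return completion(.failure(error)) }
        self.listener = listener

        listener.newConnectionHandler = { [weak self] conn in
            guard let self = self, self.blc == nil else { conn.cancel(); return }
            self.blc = conn                      // only the first connection is bridged
            conn.start(queue: self.queue)
            self.pump(from: conn, to: raw)       // BLC -> RCC
            self.pump(from: raw, to: conn)       // RCC -> BLC
        }
        listener.stateUpdateHandler = { [weak self] state in
            guard let self = self, case .ready = state, let port = listener.port else { return }
            let tls = NWProtocolTLS.Options()
            // Verify the chain against serverName rather than "127.0.0.1".
            sec_protocol_options_set_tls_server_name(tls.securityProtocolOptions, serverName)
            let scc = NWConnection(host: "127.0.0.1", port: port, using: NWParameters(tls: tls))
            scc.start(queue: self.queue)
            completion(.success(scc))
        }
        listener.start(queue: queue)
    }

    /// Copies bytes from `src` to `dst` until EOF or error, then tears both down.
    private func pump(from src: NWConnection, to dst: NWConnection) {
        src.receive(minimumIncompleteLength: 1, maximum: 65_536) { [weak self] data, _, done, error in
            if let data = data, !data.isEmpty {
                dst.send(content: data, completion: .contentProcessed { _ in })
            }
            if done || error != nil { src.cancel(); dst.cancel(); return }
            self?.pump(from: src, to: dst)
        }
    }
}
```

The listener binds loopback only and bridges just one connection, which limits what another local process could do with the open port while the bridge exists.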