Any example code of tls Network.framework implementation

Question

Created Mar ’21

Replies 10

Boosts 0

Participants 2

Hi there,

When I check the SSLContext class, it says most of the api deprecated: 10.15, use Network.framework instead.

Do you have any suggest on the example code of using this new tls implementation with Network.framework?

Thanks and regards

Boost

Answer 1

DTS Engineer OP

Apple

Mar ’21

Are you trying to implement TLS over TCP? Or UDP? Or some other transport?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

richard_wang OP

Mar ’21

That is TCP based.

0

Answer 3

DTS Engineer OP

Apple

Mar ’21

Cool. Network framework has excellent support for TLS over TCP. Are you working in Swift? Or a C-based language?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 4

richard_wang OP

Mar ’21

It is swift based one.

0

Answer 5

DTS Engineer OP

Apple

Mar ’21

It is swift based one.

Wow, you’re making your life really easy (-: Network framework supports TCP and TLS-over-TCP in virtually the same way; all you need to do is change the NWParameters that you use to construct the connection:

Code Block  let c1 = NWConnection(host: "example.com", port: 80, using: .tcp)
let c2 = NWConnection(host: "example.com", port: 443, using: .tls)

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 6

richard_wang OP

Mar ’21

Thanks for the suggestion.
Is there any server side tcp tls usage example?

0

Answer 7

DTS Engineer OP

Apple

Apr ’21

Is there any server side tcp tls usage example?

It’s largely the same except that you construct your listener with the TLS parameters rather than the connection, and the connections spawned by the listener then inherit that TLS configuration. See this post for info on how to set up TLS options.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 8

richard_wang OP

Apr ’21

Code Block let c1 = NWConnection(host: "example.com", port: 80, using: .tcp)let c2 = NWConnection(host: "example.com", port: 443, using: .tls)

How about the usage when I use NetworkExtension?
Thanks in advance.

0

Answer 9

DTS Engineer OP

Apple

Apr ’21

How about the usage when I use Network Extension?

In general a Network Extension provider can use any TCP/IP it wants. The NWTCPConnection and NWUDPSession APIs are tailored for use within that environment but your provider can use any TCP/IP API it wants. This includes both BSD Sockets and the Network framework. For example, many NE VPN providers use BSD Sockets for their VPN transport.

However, the NE provider environment does how its own unique restrictions, mostly centred around the NE infrastructure that prevents VPN loops. I see you’ve opened multiple other threads with the NetworkExtension tag and I’ll let Matt respond to those in that context.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 10

richard_wang OP

Apr ’21

Thank you Eskimo.

0