network.framework client talk to OpenSSL Java Server

The old client was using OpenSSL and Socket, and it works just fine. The server is using TLS 1.2 with a public signed certificate. The TLS and TCP configuration of the new Network.framework client is as below.

The server always complains that the handshake failed. I tried default TLS and TLS version min 1.0 to max 1.3; none of them worked.

    auto config_tcp = ^(nw_protocol_options_t tcp_op) {
        nw_tcp_options_set_connection_timeout(tcp_op, connection_timeout); // set timeout to 5 seconds
        nw_tcp_options_set_enable_keepalive(tcp_op, true);                 // enable keepalive
        nw_tcp_options_set_no_delay(tcp_op, true);                         // enable no delay
        nw_tcp_options_set_enable_fast_open(tcp_op, true);
    };

    auto config_tls = ^(nw_protocol_options_t tls_options) {
        sec_protocol_options_t sec_options = nw_tls_copy_sec_protocol_options(tls_options);
        sec_protocol_options_set_min_tls_protocol_version(sec_options, tls_protocol_version_TLSv12);
        sec_protocol_options_set_max_tls_protocol_version(sec_options, tls_protocol_version_TLSv12);

        sec_protocol_options_append_tls_ciphersuite_group(sec_options, tls_ciphersuite_group_default);
        nw_release(sec_options);
    };

    auto endpoint = nw_endpoint_create_host(sip.c_str(), std::to_string(srvPort).c_str());

    auto param = nw_parameters_create_secure_tcp(config_tls, // TLSv1.2 for now
                                                 config_tcp);

    // create the connection
    auto connect = nw_connection_create(endpoint, param);

  • BTW, I tried openssl s_client to connect to the server; it works OK without any handshake complaint.

    openssl s_client -connect 192.168.68.107:7554

    but nw_parameters_create_secure_tcp won't work

Accepted Reply

Tried many options, almost cost me two days, finally got one which is working:

    auto config_tls = ^(nw_protocol_options_t tls_options) {
        auto sec_options = nw_tls_copy_sec_protocol_options(tls_options);
        sec_protocol_options_set_min_tls_protocol_version(sec_options, tls_protocol_version_TLSv12);
        sec_protocol_options_set_max_tls_protocol_version(sec_options, tls_protocol_version_TLSv12);
        sec_protocol_options_append_tls_ciphersuite_group(sec_options, tls_ciphersuite_group_default);
        // Peer authentication is no longer required, so the server certificate is not verified.
        sec_protocol_options_set_peer_authentication_required(sec_options, false);
    };
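
The accepted configuration gets past the handshake by no longer requiring the server certificate to be verified. The following is an added example, not part of the thread, that keeps verification on and logs why trust evaluation fails so the underlying cause can be fixed. It assumes the failure is a certificate trust problem such as a name mismatch when connecting by IP address (the thread does not confirm the cause); `kExpectedServerName`, `configure_verified_tls` and `server.example.com` are hypothetical names, and the code is built without ARC like the question's code.

```objective-c++
#include <CoreFoundation/CoreFoundation.h>
#include <Network/Network.h>
#include <Security/Security.h>

// Hypothetical: the DNS name the server certificate was issued for.
static const char *kExpectedServerName = "server.example.com";

// Hypothetical helper: TLS 1.2 with peer authentication left on, plus a verify
// block that evaluates the chain for kExpectedServerName and logs any failure.
// Built without ARC, like the question's code (it calls nw_release).
static void configure_verified_tls(nw_protocol_options_t tls_options,
                                   dispatch_queue_t verify_queue) {
  sec_protocol_options_t sec_options = nw_tls_copy_sec_protocol_options(tls_options);
  sec_protocol_options_set_min_tls_protocol_version(sec_options, tls_protocol_version_TLSv12);
  sec_protocol_options_set_max_tls_protocol_version(sec_options, tls_protocol_version_TLSv12);
  // Name to verify the certificate against; the endpoint may still be an IP.
  sec_protocol_options_set_tls_server_name(sec_options, kExpectedServerName);
  sec_protocol_options_set_peer_authentication_required(sec_options, true);

  sec_protocol_options_set_verify_block(sec_options,
      ^(sec_protocol_metadata_t metadata, sec_trust_t trust_ref,
        sec_protocol_verify_complete_t complete) {
        (void)metadata;
        SecTrustRef trust = sec_trust_copy_ref(trust_ref);
        CFStringRef host = CFStringCreateWithCString(
            kCFAllocatorDefault, kExpectedServerName, kCFStringEncodingUTF8);
        SecPolicyRef policy = SecPolicyCreateSSL(true, host);
        CFErrorRef error = NULL;
        bool trusted = SecTrustSetPolicies(trust, policy) == errSecSuccess &&
                       SecTrustEvaluateWithError(trust, &error);
        if (error != NULL) {
          CFShow(error);  // e.g. hostname mismatch, untrusted root, expired
          CFRelease(error);
        }
        CFRelease(policy);
        CFRelease(host);
        CFRelease(trust);
        complete(trusted);  // false aborts the handshake
      },
      verify_queue);
  nw_release(sec_options);
}

// Usage in place of config_tls:
//   auto config_tls = ^(nw_protocol_options_t o) {
//     configure_verified_tls(o, dispatch_get_main_queue());
//   };
```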
