The old client used OpenSSL over a plain socket and works just fine. The server uses TLS 1.2 with a publicly signed certificate. The TLS and TCP configuration of the new Network.framework client is shown below.
The server always complains that the handshake failed. I tried the default TLS settings, and also a minimum version of TLS 1.0 with a maximum of TLS 1.3; none of them worked.
// TCP-layer configuration block handed to nw_parameters_create_secure_tcp().
// Every call here is an nw_tcp_options_* setter; nothing in this block changes
// TLS behaviour.
auto config_tcp = ^(nw_protocol_options_t tcp_options) {
    // Latency: send small writes immediately and allow TCP Fast Open.
    nw_tcp_options_set_no_delay(tcp_options, true);
    nw_tcp_options_set_enable_fast_open(tcp_options, true);

    // Liveness: turn on TCP keepalive for the connection.
    nw_tcp_options_set_enable_keepalive(tcp_options, true);

    // connection_timeout is defined outside this snippet; the original
    // comment describes it as 5 seconds.
    nw_tcp_options_set_connection_timeout(tcp_options, connection_timeout);
};
// TLS configuration block for the first attempt (the one whose handshake the
// server rejects). It restricts the connection to exactly TLS 1.2 by setting
// the same value as minimum and maximum, and appends the default ciphersuite
// group.
//
// Peer authentication is not touched here, so the framework default stays in
// effect -- presumably the server certificate is validated against the
// endpoint's host name; confirm against the Network.framework documentation.
auto config_tls = ^(nw_protocol_options_t tls_options) {
    // The copy is owned by this block and is released at the end.
    auto sec = nw_tls_copy_sec_protocol_options(tls_options);

    sec_protocol_options_set_min_tls_protocol_version(sec, tls_protocol_version_TLSv12);
    sec_protocol_options_set_max_tls_protocol_version(sec, tls_protocol_version_TLSv12);
    sec_protocol_options_append_tls_ciphersuite_group(sec, tls_ciphersuite_group_default);

    nw_release(sec);
};
// Build the remote endpoint from the server address and port.
// NOTE(review): `sip` is defined outside this snippet. If it holds an IP
// literal rather than the DNS name the publicly signed certificate was issued
// for, certificate name matching would presumably fail during the handshake --
// confirm what `sip` contains before relaxing any TLS checks.
const std::string port_text = std::to_string(srvPort);
auto endpoint = nw_endpoint_create_host(sip.c_str(), port_text.c_str());

// Secure-TCP parameters: TLS block first (TLSv1.2 for now), TCP block second.
auto param = nw_parameters_create_secure_tcp(config_tls, config_tcp);

// Create the connection object for that endpoint with those parameters.
auto connect = nw_connection_create(endpoint, param);
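I tried many options, which cost me almost two days, and finally found one that works. The notable difference from the configuration above is the added last call, which stops requiring peer authentication: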
// TLS configuration block for the variant reported as working. The TLS 1.2
// pinning and the default ciphersuite group are the same as in the first
// attempt; what differs is the final call.
auto config_tls = ^(nw_protocol_options_t tls_options) {
    auto sec = nw_tls_copy_sec_protocol_options(tls_options);

    // Allow exactly TLS 1.2 (minimum == maximum).
    sec_protocol_options_set_min_tls_protocol_version(sec, tls_protocol_version_TLSv12);
    sec_protocol_options_set_max_tls_protocol_version(sec, tls_protocol_version_TLSv12);
    sec_protocol_options_append_tls_ciphersuite_group(sec, tls_ciphersuite_group_default);

    // SECURITY NOTE(review): passing false means the client no longer requires
    // the peer to be authenticated, i.e. the server certificate is accepted
    // without a successful trust evaluation. The channel is still encrypted,
    // but the client cannot tell the intended server from anyone else who
    // answers on the path. That the handshake only succeeds with this turned
    // off suggests certificate validation was what failed -- presumably a
    // host-name mismatch or an incomplete chain; confirm. Prefer fixing that
    // cause (connect by the name on the certificate, or look at
    // sec_protocol_options_set_tls_server_name /
    // sec_protocol_options_set_verify_block) and keep this setting at its
    // default outside of throwaway tests.
    sec_protocol_options_set_peer_authentication_required(sec, false);

    // NOTE(review): unlike the first attempt, the copied options object is not
    // released here. Under manual reference counting that would leak the
    // object on every call -- confirm whether this file is built with ARC.
};