4 Replies
      Latest reply on May 1, 2019 1:35 AM by eskimo
      timurp Level 1 (0 points)

        Starting from iOS 11 (and macOS 10.13.x) SDKs, SecureTransport has an ALPN-related API, namely two functions, SSLSetALPNProtocols and SSLCopyALPNProtocols. On the client side things seem to be rather straightforward - you set a list of protocols, sorted by priority, during the handshake you copy the selected one (if any). But for a server this API: a) looks a bit strange and incomplete (OpenSSL, for example, has a callback for this where you can select the desired protocol), b) is apparently just not implemented - whatever I do, my ServerHello sent via SecureTransport _never_ contains the ALPN extension, and the protocol (the single one) I set via SSLSetALPNProtocols is never sent to the client.

        I'm not sure what actual version of coreTLS it's using, but looking at the code, it appears that SSLProcessClientHelloExtension simply ignores the ALPN extension (there is a switch statement on different extensions). Interestingly enough, NPN (which is outdated by ALPN) is handled in this code and would probably work ... Did somebody manage to make a server-side connection work with ALPN?
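
A way to confirm the symptom described in the post from a packet capture, as an added example that is not part of the original post or of SecureTransport: it parses a TLS 1.2 ServerHello handshake message and reports whether extension 16 (ALPN, RFC 7301) is present. The function names and the sample bytes are constructed for illustration.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation (RFC 7301)

def server_hello_alpn(msg: bytes):
    """Return the protocol named in a ServerHello's ALPN extension, or None.

    msg is one TLS 1.2 handshake message (type, 3-byte length, body),
    without the record-layer header.
    """
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    if len(body) < 35:                      # version + random + session_id length
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                            # skip server_version and random
    pos += 1 + body[pos]                    # skip session_id
    pos += 2 + 1                            # skip cipher_suite and compression_method
    if pos + 2 > len(body):                 # no extensions block at all
        return None
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == ALPN_EXT and len(data) >= 3:
            # ProtocolNameList: 2-byte list length, then 1-byte length + name.
            # A ServerHello carries exactly one name.
            return data[3:3 + data[2]].decode("ascii", "replace")
    return None

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: minimal TLS 1.2 ServerHello with the given extensions."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += len(extensions).to_bytes(2, "big") + extensions
    return b"\x02" + len(body).to_bytes(3, "big") + body

RENEG_INFO = b"\xff\x01\x00\x01\x00"            # constructed renegotiation_info
ALPN_H2 = b"\x00\x10\x00\x05\x00\x03\x02h2"     # constructed ALPN selecting "h2"

if __name__ == "__main__":
    print(server_hello_alpn(build_server_hello(RENEG_INFO + ALPN_H2)))  # ALPN present
    print(server_hello_alpn(build_server_hello(RENEG_INFO)))            # ALPN absent
```

A `None` result for a server that was configured with a protocol list matches the behaviour reported above: the extension was never written into the ServerHello.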