I have a local WebSocket server running inside an iOS app on iOS 13+. I'm using Swift NIO Transport Services for the server.
I'm using NWProtocolTLS.Options from Network framework to specify TLS options for my server.
I am providing my server as an XCFramework and want to let users to be able to specify different parameters when launching the server.
For specifiying the TLS supported version, everything is working fine by using :
public func sec_protocol_options_set_max_tls_protocol_version(_ options: sec_protocol_options_t, _ version: tls_protocol_version_t) public func sec_protocol_options_set_min_tls_protocol_version(_ options: sec_protocol_options_t, _ version: tls_protocol_version_t)
But I also want to be able to specify some cipher suites. I saw that I can use :
public func sec_protocol_options_append_tls_ciphersuite(_ options: sec_protocol_options_t, _ ciphersuite: tls_ciphersuite_t)
But it seems that some cipher suites are enabled by default and I can't restrict the cipher suites just to the ones I want, I can just append others.
NWProtocolTLS.Options class has an init() function which states "Initializes a default set of TLS connection options" on Apple documentation.
So my question is, is there a way to know what TLS parameters this initialization does ? Especially the list of cipher suites enabled by default ? Because I can't find any information about it from my research. I used a tool to test handshake with my server to discover the cipher suites supported and enabled by default but I don't think it is a good way to be sure about this information.
And is there a way to specify only cipher suites I want to be supported by my server by using NWProtocolTLS.Options ?
Thank you in advance,