Thanks Jens,
Still, I want it clear: provided that I’ve set up my CFStream to enable automatic TLS/SSL handshake, and that I had my CFSockets do the TLS/SSL handshake “by themselves” without my code, and that I have a successful connection to my server, then just writing an unencrypted message to the socket using CFWriteStreamWrite() will transparently encrypt and send the message for me? (And vice versa, do I receive decrypted data from the socket on NSStreamEventHasBytesAvailable events?)
Motti.
On Aug 30, 2015, at 1:29 PM, Motti Shneor < email@hidden> wrote:
However, I do not understand if I still need to encrypt the messages myself, or whether ::CFWriteStreamWrite() (or its bridged [_outputStream write:maxLength:] counterpart) should do it for me, when running with ATS around? And if I need to do the encryption myself, what Cocoa/Cocoa Touch APIs do I need to call to do this, in order to use the ATS-recommended encryption?
Just use the standard CFStream APIs to enable SSL. In a nutshell, you do this by setting the stream property kCFStreamPropertySSLSettings to a dictionary containing the specific settings. Once you do that, it’s all transparent: just open the streams and send/receive data.
CFSocketStream.h declares all the necessary constants, with doc-comments, and I know Apple’s documentation explains in detail how to do all this, though I don’t have any URLs handy.
I have done this already, as I wrote, and I manage to open a connection to my server. The handshake went well, and I have an open connection. Now what? In the current implementation, I have to encrypt messages, send them down the socket, and decrypt incoming messages. Now with the SSL-configured socket, do I need to stop this, or replace my own encryption/decryption by some calls to SecureTransport APIs?
(At a lower level you can use the SecureTransport API to do the SSL handshake and encryption explicitly, although it’s a lot more complex so I don’t think you’d want to, unless for some reason it makes it easier to replace your old SSL implementation.)
I could not find any sample code with CFNetwork-only APIs that implements ATS connections over TCP.
Don’t search for “ATS”, just search for “SSL”; the APIs for this have been around as long as OS X. There’s no programmatic API to ATS; the only change is that SSL is now required by default, and that there are some Info.plist keys to opt out of some of the requirements.
—Jens
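As an added example (not code from this thread or from either poster), here is the pattern Jens describes, written in Objective-C against the NSStream bridge: one kCFStreamPropertySSLSettings dictionary on the stream, then ordinary write:maxLength: and read:maxLength: calls with plaintext, and the stream layer does the handshake, encryption and decryption. The host example.com, port 443 and the request "PING\r\n" are placeholders; the TLS 1.2 minimum-version step through kCFStreamPropertySSLContext and the timing of the peer-trust check (done at the first HasSpaceAvailable event, i.e. after the handshake has completed) are assumptions, marked as such in the comments. One caveat a practitioner should know: ATS governs NSURLSession/NSURLConnection traffic and does not cover a raw CFStream socket, so on this kind of connection the settings dictionary is the only thing enforcing TLS.

```objc
// Added example: TLS over CFStream/NSStream with the stream doing the crypto.
// Not code from the thread. Host, port and the "PING\r\n" request are assumed
// placeholders; see the other "assumption" comments below.
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>
#import <Security/Security.h>

static NSString *const kHost = @"example.com";   // assumption: placeholder host
static const UInt32     kPort = 443;              // assumption: placeholder port

@interface TLSClient : NSObject <NSStreamDelegate>
@property (nonatomic, strong) NSInputStream  *input;
@property (nonatomic, strong) NSOutputStream *output;
@property (nonatomic, assign) BOOL requestSent;
- (void)open;
- (void)close;
@end

@implementation TLSClient

- (instancetype)init {
    if ((self = [super init])) {
        CFReadStreamRef  readStream  = NULL;
        CFWriteStreamRef writeStream = NULL;
        CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                           (__bridge CFStringRef)kHost, kPort,
                                           &readStream, &writeStream);
        _input  = (__bridge_transfer NSInputStream *)readStream;
        _output = (__bridge_transfer NSOutputStream *)writeStream;

        // The entire TLS configuration is this one dictionary. Chain validation
        // is the default; it is spelled out so a reviewer can see it was not
        // switched off, and the peer name is pinned to the host we dialed.
        NSDictionary *sslSettings = @{
            (__bridge NSString *)kCFStreamSSLLevel:
                (__bridge NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL,
            (__bridge NSString *)kCFStreamSSLValidatesCertificateChain: @YES,
            (__bridge NSString *)kCFStreamSSLPeerName: kHost,
        };
        // Both streams share one socket, so one property covers both directions.
        [_output setProperty:sslSettings
                      forKey:(__bridge NSString *)kCFStreamPropertySSLSettings];

        // Assumption: on OS X 10.9 / iOS 5 and later the underlying SSLContextRef
        // can be fetched after the settings are set and before -open, to raise
        // the minimum protocol version to the ATS baseline (TLS 1.2).
        SSLContextRef ctx = (__bridge SSLContextRef)
            [_output propertyForKey:(__bridge NSString *)kCFStreamPropertySSLContext];
        if (ctx != NULL) {
            SSLSetProtocolVersionMin(ctx, kTLSProtocol12);
        }

        _input.delegate  = self;
        _output.delegate = self;
        [_input  scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
        [_output scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
    }
    return self;
}

- (void)open  { [self.input open];  [self.output open];  }
- (void)close { [self.input close]; [self.output close]; }

// After the handshake the stream exposes the negotiated SecTrustRef; evaluate
// it ourselves before handing the channel any application data.
- (BOOL)peerTrustIsValid {
    SecTrustRef trust = (__bridge SecTrustRef)
        [self.output propertyForKey:(__bridge NSString *)kCFStreamPropertySSLPeerTrust];
    if (trust == NULL) return NO;
    SecTrustResultType result = kSecTrustResultInvalid;
    if (SecTrustEvaluate(trust, &result) != errSecSuccess) return NO;
    return result == kSecTrustResultUnspecified || result == kSecTrustResultProceed;
}

- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)event {
    switch (event) {
        case NSStreamEventHasSpaceAvailable:
            // Assumption: CFStream reports writable space only once the TLS
            // handshake has finished, so the trust object exists at this point.
            if (stream == self.output && !self.requestSent) {
                if (![self peerTrustIsValid]) {
                    NSLog(@"peer trust failed; closing without sending");
                    [self close];
                    return;
                }
                // Plaintext in; the stream encrypts it on the wire.
                NSData *req = [@"PING\r\n" dataUsingEncoding:NSUTF8StringEncoding]; // constructed
                NSInteger n = [self.output write:(const uint8_t *)req.bytes maxLength:req.length];
                NSLog(@"wrote %ld plaintext bytes", (long)n);
                self.requestSent = YES;
            }
            break;
        case NSStreamEventHasBytesAvailable: {
            // Bytes read here have already been decrypted by the stream layer.
            uint8_t buf[4096];
            NSInteger n = [self.input read:buf maxLength:sizeof buf];
            if (n > 0) {
                NSString *text = [[NSString alloc] initWithBytes:buf length:n
                                                        encoding:NSUTF8StringEncoding];
                NSLog(@"received %ld decrypted bytes: %@", (long)n, text);
            }
            break;
        }
        case NSStreamEventErrorOccurred:
            // A failed handshake (bad chain, name mismatch) arrives here as an
            // error, never as garbage data; streamError says which.
            NSLog(@"stream error: %@", stream.streamError);
            [self close];
            break;
        case NSStreamEventEndEncountered:
            [self close];
            break;
        default:
            break;
    }
}

@end

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        TLSClient *client = [[TLSClient alloc] init];
        [client open];
        // Pump the run loop long enough for the handshake and one round trip.
        [[NSRunLoop currentRunLoop] runUntilDate:[NSDate dateWithTimeIntervalSinceNow:10]];
    }
    return 0;
}
```

Link against the Foundation, CFNetwork and Security frameworks. The point to take away is the one Jens makes: there is no encrypt-then-write step in the application code; write:maxLength: receives plaintext and read:maxLength: returns plaintext, and anything the old hand-rolled encryption layer did would now be double-encrypting. The explicit peer-trust evaluation is belt and braces on top of kCFStreamSSLValidatesCertificateChain, and is where certificate pinning would go if the server's certificate is under your control.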