iOS 13 ciphers

Cipher TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 seems to be deprecated from iOS 13.0 and above. The server I am using supports this cipher and cannot be changed as all development on the server side was frozen a year ago. Now, I want to enable certificate-based communication with the server using the aforementioned cipher. My application is live and has been connecting with the server for all previous iOS versions but not iOS 13.0.

Any help will be much appreciated. Please consider this urgent.

Thanks in advance for the help.

Please let me know if any other info is needed.

What API were you using for this on iOS 12? iOS has two commonly-used TLS implementations, Secure Transport and BoringSSL, and neither of them supported TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.

Note: Pasted in below is the list of cypher suites offered up in the ClientHello of both implementations on iOS 12.4.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

NWConnection uses BoringSSL internally:

    TLS_CHACHA20_POLY1305_SHA256 (0x1303)
    TLS_AES_128_GCM_SHA256 (0x1301)
    TLS_AES_256_GCM_SHA384 (0x1302)
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
    TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
    TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
    TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
    TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
    TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

CFSocketStream uses SecureTransport internally:

    TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
    TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
    TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
    TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
    TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
    TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
    TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

First of all, thank you very much for the immediate response.


I have been using Network API to add the security options and then finally use the SwiftNIO open source library to make the connection.

On iOS 12.0, the network API uses

sec_protocol_options_add_tls_ciphersuite(tlsOptions.securityProtocolOptions, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)


where the 2nd parameter given is SSLCipherSuite enum. But this is deprecated from iOS 13.0. And for iOS 13.0, it's recommended that we use

sec_protocol_options_append_tls_ciphersuite(_ options: sec_protocol_options_t, _ ciphersuite: tls_ciphersuite_t)


However, the tls_ciphersuite_t does not contain the necessary cipher (TLS_DHE_RSA_WITH_AES_256_GCM_SHA384).

Please help. Any help is much appreciated.


    import Foundation
    import Network
    import Security
    import NIO
    import NIOTransportServices

    public func startCertificateCommunication() throws {
        
        do {
            let bundle = Bundle.getResourcesBundle()
            let p12File = bundle?.path(forResource: "sample", ofType: "")
            let certificateData = try Data(contentsOf: URL(fileURLWithPath: p12File!))
            
            let password = "somepassword"
            
            var err: OSStatus = errSecIO
            let tlsOptions = NWProtocolTLS.Options()
            
            var items: CFArray?
            let certOptions: CFDictionary = [ kSecImportExportPassphrase: password ] as CFDictionary
            
            err = SecPKCS12Import(certificateData as CFData, certOptions, &items);
            
            if err == errSecSuccess, let items = items {
                let dict: AnyObject? = (items as Array).first
                if let certEntry: Dictionary = dict as? Dictionary<String, AnyObject> {
                    // grab the identity
                    let maybeIdentity: AnyObject? = certEntry["identity"]
                    let secIdentityRef: SecIdentity = maybeIdentity! as! SecIdentity
                    
                    // grab the certificate chain
                    var certRef: SecCertificate? = nil
                    SecIdentityCopyCertificate(secIdentityRef, &certRef)
                    
                    let id = sec_identity_create_with_certificates(secIdentityRef, [certRef] as CFArray)
                    sec_protocol_options_set_local_identity(tlsOptions.securityProtocolOptions, id!)
                }
            }
            if #available(iOS 13.0, *) {
                // How to add the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher here?
            } else {
                // This is the place where cipher is added in iOS 12.0
                sec_protocol_options_add_tls_ciphersuite(tlsOptions.securityProtocolOptions, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
            }
            
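            // The verify block completes with true unconditionally, so the
            // server's certificate chain is never evaluated.
            sec_protocol_options_set_verify_block(tlsOptions.securityProtocolOptions, { (sec_protocol_metadata, sec_trust, sec_protocol_verify_complete) in
                sec_protocol_verify_complete(true)
            }, DispatchQueue(label: "com.SSL"))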
            
            do {
                try NIOTSConnectionBootstrap(group: self.group)
                    .channelOption(ChannelOptions.socket(SocketOptionLevel(SOL_SOCKET), SO_REUSEADDR), value: 1)
                    .channelOption(ChannelOptions.socket(IPPROTO_TCP, TCP_NODELAY), value: 1)
                    .connectTimeout(TimeAmount.seconds(10))
                    .tlsOptions(tlsOptions)
                    .channelInitializer { channel in
                        channel.pipeline.addHandler(self.handler!)
                }.connect(host: host, port: port).wait()
            }catch(let err) {
                debugPrint("Error:\(err)")
                throw err
            }
            
            
        }catch(let err) {
            debugPrint("Error:\(err)")
            throw err
        }
    }

Oh, you’re manually enabling that cypher suite. That’s somewhat unusual, but still supported.

sec_protocol_options_add_tls_ciphersuite is only deprecated. If you use it on iOS 13, does it still work?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Like you rightly mentioned, it is only deprecated. But when used on iOS 13.0, it fails. And therefore, the socket channel is not established.


I also tested the same using Wireshark. On iOS 12.0, I can see TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 cipher in the Client Hello message. Also, I see that the server uses this cipher in the Server Hello message.


Server Hello message for iOS 12.0:

    Transport Layer Security
        TLSv1.2 Record Layer: Handshake Protocol: Server Hello
            Content Type: Handshake (22)
            Version: TLS 1.2 (0x0303)
            Length: 58
            Handshake Protocol: Server Hello
                Handshake Type: Server Hello (2)
                Length: 54
                Version: TLS 1.2 (0x0303)
                Random: d9aca2cc52894acb35383b9364bacfd2649474...
                Session ID Length: 0
                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
                Compression Method: null (0)
                Extensions Length: 14
                Extension: renegotiation_info (len=1)
                Extension: session_ticket (len=0)
                Extension: heartbeat (len=1)


However, on iOS 13.0, the Client Hello message itself does not contain the above-mentioned cipher even when using the same sec_protocol_options_add_tls_ciphersuite.


Client Hello message on iOS 13.0:


    Transport Layer Security
        TLSv1 Record Layer: Handshake Protocol: Client Hello
            Content Type: Handshake (22)
            Version: TLS 1.0 (0x0301)
            Length: 163
            Handshake Protocol: Client Hello
                Handshake Type: Client Hello (1)
                Length: 159
                Version: TLS 1.2 (0x0303)
                Random: 424ca25c38294acb35383b0964bcafd2641174...
                Session ID Length: 0
                Cipher Suites Length: 48
                Cipher Suites (24 suites)
                    Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc024)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc023)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA (0xc00a)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA (0xc009)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)
                    Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
                    Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
                    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
                    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
                    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
                    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
                    Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)
                    Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
                    Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
                Compression Methods Length: 1
                Compression Methods (1 method)
                Extensions Length: 70
                Extension: renegotiation_info (len=1)
                Extension: extended_master_secret (len=0)
                Extension: signature_algorithms (len=24)
                Extension: status_request (len=5)
                Extension: signed_certificate_timestamp (len=0)
                Extension: ec_point_formats (len=2)
                Extension: supported_groups (len=10)


And hence, the server hello fails.


Please help in this regard. All your responses and suggestions are much appreciated.

> But when used on iOS 13.0, it fails.

Hmmm, that strongly suggests that support has been removed. Alas, I don’t have time to research a definitive answer for you in the context of DevForums. If you’d like to open a DTS tech support incident, I can’t dig into this in more depth (well, actually, it’s more likely that it’ll be my colleague Matt).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

My friend has already raised a Tech Support Incident for the same, some time back. However, the discussion was not fruitful and ended abruptly.

Please let me know how to proceed in this regard.

> My friend has already raised a Tech Support Incident for the same, sometime back.

Please contact me by email. My address is in my signature below. Make sure to reference this thread just for context (as you might imagine, I get a lot of email :-).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"