How to configure cipher suites on iOS.

I am using NSURLSession for server communication. Can I add a cipher suite for the communication?

I got this:

https://developer.apple.com/library/mac/documentation/Security/Reference/secureTransportRef/index.html#//apple_ref/doc/uid/TP30000155-CH1g-322075


But I am not sure how to use these APIs while using NSURLSession for server communication.

Is there any other way? Please specify.


Thanks

Accepted Answer

NSURLSession does not allow you to directly modify the list of cypher suites it uses. The only control you have is indirect, via App Transport Security. See the NSAppTransportSecurity section of Information Property List Key Reference for details.

What cypher suite are you trying to add?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
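The indirect ATS control the answer refers to, as an added Info.plist fragment that is not part of the original thread; the host name api.example.com is a placeholder. With the default settings ATS requires TLS 1.2 and a forward-secret (ECDHE) suite; setting NSExceptionRequiresForwardSecrecy to NO for one domain admits the non-forward-secret RSA suites on Apple's ATS list, but it cannot add suites that Secure Transport does not implement, such as the Camellia suites asked about later in the thread.

```xml
<!-- Added example: ATS configuration inside the app's Info.plist. -->
<key>NSAppTransportSecurity</key>
<dict>
    <!-- No top-level relaxation: every host not listed below keeps the
         ATS defaults (TLS 1.2 minimum, forward secrecy required). -->
    <key>NSExceptionDomains</key>
    <dict>
        <!-- Placeholder host; scope the exception to the one server
             that actually needs a non-forward-secret suite. -->
        <key>api.example.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <false/>
            <!-- NO relaxes the PFS requirement, enabling the TLS_RSA_*
                 GCM/CBC suites from Apple's ATS list for this host only. -->
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <!-- Keep the TLS floor at 1.2 even though PFS is relaxed. -->
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
        </dict>
    </dict>
</dict>
```

The exception changes which of Secure Transport's existing suites NSURLSession will negotiate; it does not extend the list returned by SSLGetSupportedCiphers.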

Thanks for the reply.

So using NSURLSession by default allows a few cipher suites.

And setting NSExceptionRequiresForwardSecrecy to YES and NSThirdPartyExceptionRequiresForwardSecrecy to NO will enable few more ciphers.

Am I right Eskimo?


I am trying to add a few more ciphers which are not on the list in the documentation.

Can I add those (e.g. TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, DHE-RSA-DES-CBC3-SHA, etc.)?

Am I right Eskimo?

Yes.

I am trying to add a few more ciphers which are not on the list in the documentation. Can I add those?

No. There are actually multiple levels of issues here:

  • NSURLSession does not give you direct control over the cypher suites used by the connections in the session.

  • The underlying TLS implementation, Secure Transport, does not support the Camellia cypher suites.

  • Secure Transport does not support pluggable cypher suites, so you can’t add it.

It would be reasonable to file an enhancement request requesting APIs for all of these points. If you do file any bug reports about this, please post your bug numbers, just for the record.

ps You can get a list of cypher suites supported by Secure Transport by calling SSLGetSupportedCiphers.
#import <Foundation/Foundation.h>
#import <Security/SecureTransport.h>
#include <assert.h>
#include <stdlib.h>

// Logs the numeric ID of every cypher suite the local Secure Transport
// build can negotiate on the client side.
static void DumpCypherSuites() {
    OSStatus            err;
    SSLContextRef       context;
    size_t              cypherCount;
    SSLCipherSuite *    cyphers;

    context = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
    assert(context != NULL);

    // cypherCount is in/out: the capacity of the buffer on entry,
    // the number of suites actually written on return.
    cypherCount = 1024;
    cyphers = calloc(cypherCount, sizeof(*cyphers));
    err = SSLGetSupportedCiphers(context, cyphers, &cypherCount);
    assert(err == errSecSuccess);

    // Each value is the IANA cypher suite code point, e.g. c02f for
    // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
    for (size_t i = 0; i < cypherCount; i++) {
        NSLog(@"%04zx", (size_t) cyphers[i]);
    }

    free(cyphers);

    CFRelease(context);
}

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

So is there any way to add another cipher list?

Other than NSURLSession, what other API can be used that supports TLS, host name mismatch and self-signed certificates, and also lets us add a few more ciphers?
