I am trying to establish a TLS 1.3 connection to a server that only accepts the SECP256R1 and FFDHE2048 TLS key share groups using the following code but the server is failing the TLS handshake because my client is not using a supported key exchange group. How do I specify which TLS key exchange group my client should use during the handshake?

    import Network
    import Security

    let tlsOptions = NWProtocolTLS.Options()
    if let secIdentity = getSecIdentity(),
       let identity = sec_identity_create(secIdentity) {
        // Require TLS 1.3 as the minimum protocol version.
        sec_protocol_options_set_min_tls_protocol_version(
            tlsOptions.securityProtocolOptions, .TLSv13)
        // Present the client identity during the handshake.
        sec_protocol_options_set_local_identity(
            tlsOptions.securityProtocolOptions, identity)
    }
    let tlsParams = NWParameters(tls: tlsOptions, tcp: .init())
    let endpoint = NWEndpoint.hostPort(host: NWEndpoint.Host(host), port: NWEndpoint.Port(port))
    let nwConnection = NWConnection(to: endpoint, using: tlsParams)
    nwConnection.stateUpdateHandler = stateDidChange(to:)
    nwConnection.start(queue: queue)

Thanks!