I need to programmatically configure TLSv1.3 control parameters like
- cipher suites,
- Named Groups
- Signature Scheme
I can see in the apple development documentation, there is a option to configure cipher suites but no way to configure Named Groups and Signature Scheme.
Does anyone know a way to configure "Named Groups" & "Signature Schemes" also ?
or
If it is not possible in iOS then also Do we have anywhere written in documentation (evidence) ?
I am using URLSession as of now.
There’s definitely nothing like this for URLSession. It has very few TLS knobs to twiddle. It’s basically just min and max TLS version. See the URLSessionConfiguration docs for more.
If you drop down to Network framework then you have more options. Specifically, when you create a connection you can tweak many TLS settings via the securityProtocolOptions property. For a full list, see <Security/SecProtocolOptions.h> [1].
Reading through that header today, I don’t see anything like what you’re looking for. I encourage you to check that for yourself and, if you don’t find what you need, file an enhancement request with the details, and an explanation of why you need it.
And if you do file a bug, please post the bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] When reading that header, be aware that some of the more esoteric options are tagged with API_UNAVAILABLE(macos, ios, watchos, tvos), meaning that they’re not available anywhere! Those are SPIs not APIs, and we plan to remove them from the public header (r. 177023658).