Comments (6)
This is almost 100% not a swift-nio(-transport-services) issue. There are really two possibilities:
- Network.framework issue
- PSK (identity) incorrect
from swift-nio-transport-services.
Finally, it works when passing the PSK identity in `sec_protocol_options_set_pre_shared_key_selection_block`. Working code is below:
```swift
if #available(iOS 13.0, *) {
    // Hand the PSK identity to the selection block's completion handler.
    sec_protocol_options_set_pre_shared_key_selection_block(tlsOptions.securityProtocolOptions, { (sec, dispatchData, sec_protocol_pre_shared_key_selection_complete) in
        sec_protocol_pre_shared_key_selection_complete(pskIdentity as __DispatchData)
    }, DispatchQueue(label: "com.psk"))
} else {
    // Fallback on earlier versions
}
```
Am closing this issue :)
from swift-nio-transport-services.
@ranmyfriend I can connect for TLS 1.2 - PSK using NIOTSConnectionBootstrap, but I am not able to do it for TLS 1.3 after adding ciphersuites like below:
```swift
sec_protocol_options_add_pre_shared_key(tlsOptions.securityProtocolOptions, psk as __DispatchData, identity as __DispatchData)
sec_protocol_options_add_tls_ciphersuite(tlsOptions.securityProtocolOptions, TLS_PSK_WITH_AES_128_GCM_SHA256)
```
Can you elaborate on how PSK in SwiftNIO can be achieved for TLS 1.3? I am having trouble connecting with TLS 1.3 through PSK.
from swift-nio-transport-services.
@kalaivanivelusamy
Actually, from TLS 1.3 onwards the weak ciphers are not allowed, so Apple is restrictive when it comes to security. Even if you have added them with `sec_protocol_options_add_tls_ciphersuite`, they do not reach your server. You can clearly check this using the Wireshark tool. So, for this we have enabled a strong cipher on the server side which Apple supports on TLS 1.3. Then we have added it on our client side. This is the only solution we have figured out.
from swift-nio-transport-services.
@ranmyfriend thanks for the feedback. Actually the server has a strong cipher like CHACHA20_POLY1305_SHA256 and the client is using 3 ciphersuites (.AES_128_GCM_SHA256, .AES_256_GCM_SHA384, .CHACHA20_POLY1305_SHA256). Wireshark shows the client hello, and the handshake fails. On inspecting the Client Hello message, extensions like supported versions and key share, which are for 1.3, are missing in my client hello message. `sec_protocol_options_add_pre_shared_key` and `sec_protocol_options_append_tls_ciphersuite` are the extras I am adding on the client side to facilitate TLS 1.3.
Am I missing any configuration in the tlsOptions of this NIOTSConnectionBootstrap to support 1.3?
```swift
NIOTSConnectionBootstrap(group: group)
    .channelOption(ChannelOptions.socket(SocketOptionLevel(SOL_SOCKET), SO_REUSEADDR), value: 1)
    .tlsOptions(tlsOptions)
    .connectTimeout(TimeAmount.seconds(10))
    .channelInitializer { channel in
        channel.pipeline.addHandler(self.handler)
    }
```
from swift-nio-transport-services.
@kalaivanivelusamy
We have used the `RSA_WITH_AES_256_GCM_SHA384` cipher and don't know about this `.CHACHA20_POLY1305_SHA256`. Check in your Wireshark packet whether the client hello shows your cipher or not, and check with your server team as well.
from swift-nio-transport-services.
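The last two comments both come down to reading the ClientHello in a capture. As an added example (not code from this thread or from swift-nio-transport-services), the Python below parses one ClientHello record and reports the offered cipher suites, which TLS 1.3 extensions are present, and whether TLS 1.3 is actually offered. The function names are hypothetical and the two sample records are constructed, not captured.

```python
import struct

# Code points from the IANA TLS registries.
EXT_NAMES = {41: "pre_shared_key", 43: "supported_versions", 51: "key_share"}
SUITE_NAMES = {0x1301: "TLS_AES_128_GCM_SHA256", 0x1302: "TLS_AES_256_GCM_SHA384",
               0x1303: "TLS_CHACHA20_POLY1305_SHA256",
               0x00A8: "TLS_PSK_WITH_AES_128_GCM_SHA256",
               0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384"}

def u16(buf, pos):
    return struct.unpack_from(">H", buf, pos)[0]

def inspect_client_hello(record: bytes) -> dict:
    """Summarise one TLS record that holds a complete, unfragmented ClientHello."""
    try:
        if record[0] != 22 or record[5] != 1:       # handshake record, client_hello
            raise ValueError("not a ClientHello record")
        body = record[9:]                           # after record + handshake headers
        if len(body) != int.from_bytes(record[6:9], "big"):
            raise ValueError("truncated or fragmented ClientHello")
        pos = 2 + 32                                # legacy_version + random
        pos += 1 + body[pos]                        # legacy_session_id
        n = u16(body, pos)                          # cipher_suites length in bytes
        suites = [u16(body, i) for i in range(pos + 2, pos + 2 + n, 2)]
        pos += 2 + n
        pos += 1 + body[pos]                        # legacy_compression_methods
        pos += 2                                    # extensions length (may be absent)
        exts = {}
        while pos + 4 <= len(body):
            etype, elen = struct.unpack_from(">HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    sv = exts.get(43, b"")                          # 1-byte length, then 2-byte versions
    versions = [u16(sv, i) for i in range(1, len(sv) - 1, 2)]
    return {"suites": [SUITE_NAMES.get(s, hex(s)) for s in suites],
            "tls13_extensions": sorted(EXT_NAMES[t] for t in exts if t in EXT_NAMES),
            "offers_tls13": 0x0304 in versions}

def build_client_hello(suites, exts):
    """Build a constructed sample record (zero random, empty session id)."""
    ext_bytes = b"".join(struct.pack(">HH", t, len(d)) + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", 2 * len(suites))
            + b"".join(struct.pack(">H", s) for s in suites)
            + b"\x01\x00" + struct.pack(">H", len(ext_bytes)) + ext_bytes)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

TLS12_PSK_HELLO = build_client_hello([0x00A8], [])
TLS13_HELLO = build_client_hello([0x1301, 0x1302, 0x1303], [(43, b"\x02\x03\x04"), (51, b"\x00\x00")])
```

To run it on a real capture, copy the TLS record from Wireshark as a hex stream and pass `bytes.fromhex(...)` to `inspect_client_hello`.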