iOS 安全传输 TLS 扩展
[英]iOS Secure Transport TLS extensions
问题描述
I am developing an application that talks to a peer via a secure channel.
我正在开发一个通过安全通道与对等方对话的应用程序。 The data is secured via Apple's Secure Transport Framework.数据通过 Apple 的安全传输框架进行保护。 I am actually trying to remove the TLS extensions from the Client Hello message by configuring the SSLContextRef object but the extensions remained.我实际上试图通过配置 SSLContextRef 对象从 Client Hello 消息中删除 TLS 扩展,但扩展仍然存在。
Is it possible to remove TLS extensions from the Client Hello message that is sent to the server ?是否可以从发送到服务器的客户端问候消息中删除 TLS 扩展? If possible then what are the extensions that can be configured ?如果可能,那么可以配置哪些扩展?
Thanks.谢谢。
1 个解决方案
解决方案1
0 2020-05-01 12:37:01
I recently created a code package for handling TLS that takes into account the new TLS restrictions imposed by apple for iOS 13. Here is a link:我最近创建了一个用于处理 TLS 的代码包,它考虑到了苹果对 iOS 13 施加的新 TLS 限制。这是一个链接:
https://github.com/eamonwhiter73/IOSObjCWebSockets https://github.com/eamonwhiter73/IOSObjCWebSockets
With how I structure things, the point in the code you want to change is probably here (if you are using Network.h package):根据我的结构,您想要更改的代码点可能在这里(如果您使用的是 Network.h 包):
nw_parameters_configure_protocol_block_t configure_tls = NW_PARAMETERS_DISABLE_PROTOCOL;
nw_parameters_t parameters = nw_parameters_create_secure_tcp(
configure_tls,
NW_PARAMETERS_DEFAULT_CONFIGURATION
);
Instead of a long confusing configure_tls block (like in my code), if you want to disable TLS, you can pass NW_PARAMETERS_DISABLE_PROTOCOL in place of where you would pass the configure_tls block (if you were to configure a secure connection).如果你想禁用 TLS,你可以传递NW_PARAMETERS_DISABLE_PROTOCOL代替传递configure_tls块的位置(如果你要配置安全连接),而不是长时间混乱的configure_tls块(就像在我的代码中一样)。 Hope this helps.希望这可以帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.