Using SSLSetEnabledCiphers with AFNetworking to disable weak ciphers - ios

I am trying to disable some weak ciphers, such as single DES, single DES 40-bit, etc.
I've tried using this bit of code from How does one set SSL ciphers when using CFSocket/CFStream in Cocoa? and from the mailing list message CFNetwork SSL and long blocking delays, but I need access to the socket data to get the CFDataRef.
Here is the code that I tried to insert into the handshake method of the AFURLConnectionOperation class:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    // 'sock' (a socket wrapper) and cipherSuiteUsesDH() come from the linked answers; neither is defined here
    CFReadStreamRef stream = [sock getCFReadStream];
    CFDataRef data = CFReadStreamCopyProperty(stream, kCFStreamPropertySocketSSLContext);
    // Extract the SSLContextRef from the CFData
    SSLContextRef sslContext;
    CFDataGetBytes(data, CFRangeMake(0, sizeof(SSLContextRef)), (UInt8 *)&sslContext);
    CFRelease(data);
    // Get all enabled ciphers
    size_t numCiphers;
    SSLGetNumberEnabledCiphers(sslContext, &numCiphers);
    SSLCipherSuite ciphers[numCiphers];
    SSLGetEnabledCiphers(sslContext, ciphers, &numCiphers);
    // Create a new cipher array with only non-DH ciphers, and set it
    SSLCipherSuite finalCiphers[numCiphers];
    int numFinalCiphers = 0;
    for (int i = 0; i < numCiphers; i++) {
        SSLCipherSuite suite = ciphers[i];
        if (!cipherSuiteUsesDH(suite)) {
            finalCiphers[numFinalCiphers] = suite;
            numFinalCiphers++;
        }
    }
    SSLSetEnabledCiphers(sslContext, finalCiphers, numFinalCiphers);
}
Any and all help would be appreciated.
EDIT: Unfortunately this is an existing project and it still uses version 1 of AFNetworking.

OK, this one piqued my interest because it's something I do in other languages, but not Cocoa/CocoaTouch. It's been on my TODO list for some time. The answer is you can't do it when working with the high level objects like NSURLConnection.
I could not find a way to bridge the gap between NSURLConnection and friends and the low level stuff needed to set the cipher suites. If you are interested, the "highest" the low level stuff goes is CFSocketStream. So the job is to get NSURLConnection to work with a CFSocketStream (or access the CFSocketStream in the NSURLConnection).
I also mirrored your question on Apple's Network Programming mailing list, and both Jens and Quinn confirmed it (Quinn provided the info on CFSocketStream). See Configure socket used by NSURLConnection?.
Also, in case you did not realize it, attempting to modify the properties in -connection:didReceiveAuthenticationChallenge: is too late. By the time you get the authentication challenge, the handshake is already in progress (i.e., the ClientHello has already been sent).
If you do manage to find a hack to do it, then please post it.
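For the CFStream layer the answer points at, here is an added example (not code from the question, the answer, or AFNetworking) showing the cipher list being pruned before the handshake rather than in the authentication-challenge callback. It assumes iOS 5 / OS X 10.9 or later, where kCFStreamPropertySSLContext exposes the stream's SSLContextRef; the helper names (IsWeakCipherSuite, PruneWeakCiphers, OpenHardenedTLSStreams) are my own, and the set of suites treated as weak is one chosen policy, not an exhaustive list.

```objective-c
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>
#import <Security/SecureTransport.h>
#import <Security/CipherSuite.h>

// Policy: treat single DES, export-grade DES40 and NULL-encryption suites as weak.
// The constants are from <Security/CipherSuite.h>; extend the list to match your policy.
static BOOL IsWeakCipherSuite(SSLCipherSuite suite) {
    switch (suite) {
        case SSL_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_RSA_WITH_DES_CBC_SHA:
        case SSL_DHE_DSS_WITH_DES_CBC_SHA:
        case SSL_DH_anon_WITH_DES_CBC_SHA:
        case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
        case SSL_NULL_WITH_NULL_NULL:
        case SSL_RSA_WITH_NULL_MD5:
        case SSL_RSA_WITH_NULL_SHA:
            return YES;
        default:
            return NO;
    }
}

// Removes weak suites from the context's enabled list. This has to run before the
// stream is opened: once the ClientHello is on the wire the offered list is fixed.
static OSStatus PruneWeakCiphers(SSLContextRef ctx, size_t *removedOut) {
    size_t count = 0;
    OSStatus status = SSLGetNumberEnabledCiphers(ctx, &count);
    if (status != errSecSuccess) return status;

    SSLCipherSuite *enabled = calloc(count, sizeof(SSLCipherSuite));
    SSLCipherSuite *kept = calloc(count, sizeof(SSLCipherSuite));
    size_t keptCount = 0;
    status = SSLGetEnabledCiphers(ctx, enabled, &count);
    if (status == errSecSuccess) {
        for (size_t i = 0; i < count; i++) {
            if (!IsWeakCipherSuite(enabled[i])) kept[keptCount++] = enabled[i];
        }
        status = SSLSetEnabledCiphers(ctx, kept, keptCount);
    }
    if (removedOut) *removedOut = count - keptCount;
    free(enabled);
    free(kept);
    return status;
}

// Creates a TLS stream pair to host:port with the pruned cipher list applied.
// The caller owns the returned (already opened) streams.
static BOOL OpenHardenedTLSStreams(NSString *host, UInt32 port,
                                   NSInputStream **inStreamOut,
                                   NSOutputStream **outStreamOut) {
    CFReadStreamRef readStream = NULL;
    CFWriteStreamRef writeStream = NULL;
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, (__bridge CFStringRef)host,
                                       port, &readStream, &writeStream);
    if (!readStream || !writeStream) return NO;

    // Asking for TLS here is what makes CFStream create its SSLContext.
    NSDictionary *sslSettings = @{
        (__bridge id)kCFStreamSSLLevel    : (__bridge id)kCFStreamSocketSecurityLevelNegotiatedSSL,
        (__bridge id)kCFStreamSSLPeerName : host,   // keep hostname verification on
    };
    CFReadStreamSetProperty(readStream, kCFStreamPropertySSLSettings,
                            (__bridge CFDictionaryRef)sslSettings);

    // The context exists now, but nothing has been sent: the stream is not open yet.
    SSLContextRef ctx = (SSLContextRef)CFReadStreamCopyProperty(readStream, kCFStreamPropertySSLContext);
    BOOL ok = NO;
    if (ctx) {
        size_t removed = 0;
        ok = (PruneWeakCiphers(ctx, &removed) == errSecSuccess);
        NSLog(@"Removed %zu weak cipher suite(s) before the handshake", removed);
        CFRelease(ctx);
    }
    if (!ok) {
        CFRelease(readStream);
        CFRelease(writeStream);
        return NO;
    }

    *inStreamOut  = CFBridgingRelease(readStream);
    *outStreamOut = CFBridgingRelease(writeStream);
    [*inStreamOut open];
    [*outStreamOut open];
    return YES;
}
```

The order matters: kCFStreamPropertySSLSettings is set first so that the stream allocates its SSLContext, the context is then fetched and trimmed, and only then are the streams opened. Passing kCFStreamSSLPeerName keeps hostname checking enabled; disabling weak suites while turning off peer verification would trade one weakness for another. To check the result on the wire, capture the ClientHello and confirm the suites you removed are no longer listed.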

Related

iOS BLE Characteristic Control Point Write - ATT Error

I'm having trouble performing a write on a control point characteristic.
Perhaps I'm providing an erroneous value, as I don't fully understand the nature of a control point. I've noted some of the specs about the control point value next to implementation.
Even so, wouldn't I receive a more detailed error description than ATT Unknown? I'm having trouble figuring out the root cause.
char buffer[1];
buffer[0] = 0x01; // opCode - 1 byte
// buffer[1] = 0x00; // Operand - variable length, N/A in this case
// buffer[2] = 0x00; // Crypto Data, 3 bytes, (handled by encryption manager? investigating)
NSData *data = [NSData dataWithBytes:buffer length:1];
NSData *data2 = [self.encryptionManager encrypt:data];
[_peripheral writeValue:data2 forCharacteristic:characteristic type:CBCharacteristicWriteWithResponse];
By the way, all other profiles/control points can be successfully read and written to. And this has been successfully tested on Android - not by me.
It is your remote device that returns that error code. The specification mentions when the device should send this code as follows:
2.3 CLIENT CHARACTERISTIC CONFIGURATION DESCRIPTOR IMPROPERLY CONFIGURED (0xFD)
The Client Characteristic Configuration Descriptor Improperly Configured error code is used when a Client Characteristic Configuration descriptor is not configured according to the requirements of the profile or service.
If the error code is being used correctly, I can't tell. Please read the documentation for your remote device on how it should be used. Because right now it's a bit like you're asking why a random HTTP server responds with error 500.
"Control point" more or less just means a characteristic you write to.

Proxy detection in iOS

I would like to find out programmatically if the user is using a proxy in iOS. Is there a way to detect it with the new APIs (iOS 7 or 8)?
Also, is it possible to find out if the user has a proxy unknowingly?
You can simply find the proxy in the CFDictionaryRef response.
CFDictionaryRef dicRef = CFNetworkCopySystemProxySettings();
If a proxy is enabled then you can parse it like this.
const CFStringRef proxyCFstr = (const CFStringRef)CFDictionaryGetValue(dicRef,
                                                                       (const void *)kCFNetworkProxiesHTTPProxy);
Based on this you can detect whether a proxy is enabled or not.
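Reading only the HTTP proxy key misses the case the question calls "unknowingly": a PAC script that routes some destinations through a proxy while the explicit HTTP fields stay empty. The following is an added example (not the answerer's code) that asks CFNetwork which proxies it would actually use for a given URL and reports a PAC configuration separately; the function name ProxyEntriesForURL is my own, the CFNetwork calls and keys are the real ones.

```objective-c
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>

// Returns the proxy entries CFNetwork resolved for url (empty when the
// connection is direct) and reports via usesPACOut whether a proxy
// auto-configuration script is enabled on the device.
static NSArray *ProxyEntriesForURL(NSURL *url, BOOL *usesPACOut) {
    NSDictionary *settings = CFBridgingRelease(CFNetworkCopySystemProxySettings());
    if (!settings) return @[];

    // A PAC URL means some destinations may be proxied without any host
    // showing up in the plain HTTP proxy fields of the settings dictionary.
    NSNumber *pacEnabled = settings[(__bridge NSString *)kCFNetworkProxiesProxyAutoConfigEnable];
    if (usesPACOut) *usesPACOut = pacEnabled.boolValue;

    // Let CFNetwork apply exceptions, bypass lists and per-scheme rules for this URL.
    NSArray *proxies = CFBridgingRelease(CFNetworkCopyProxiesForURL((__bridge CFURLRef)url,
                                                                    (__bridge CFDictionaryRef)settings));
    NSMutableArray *entries = [NSMutableArray array];
    for (NSDictionary *proxy in proxies) {
        NSString *type = proxy[(__bridge NSString *)kCFProxyTypeKey];
        if ([type isEqualToString:(__bridge NSString *)kCFProxyTypeNone]) continue;  // direct connection
        NSString *host = proxy[(__bridge NSString *)kCFProxyHostNameKey] ?: @"";
        NSNumber *port = proxy[(__bridge NSString *)kCFProxyPortNumberKey] ?: @0;
        NSURL *pacURL = proxy[(__bridge NSString *)kCFProxyAutoConfigurationURLKey];
        [entries addObject:@{ @"type": type,
                              @"host": host,
                              @"port": port,
                              @"pac":  pacURL.absoluteString ?: @"" }];
    }
    return entries;
}

// Usage:
// BOOL pac = NO;
// NSArray *entries = ProxyEntriesForURL([NSURL URLWithString:@"https://example.invalid/"], &pac);
// NSLog(@"PAC enabled: %d, proxies: %@", pac, entries);
```

When an entry's type is kCFProxyTypeAutoConfigurationURL the script still has to be evaluated (CFNetworkExecuteProxyAutoConfigurationURL does that asynchronously) before the real proxy host is known. Note that the presence of a proxy is a configuration fact, not evidence of interception; if the concern is a man-in-the-middle on the connection, certificate pinning in the app is the control that addresses it regardless of what the proxy settings say.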
By default NSStream based sockets do not detect the System proxy settings, which is very inconvenient if you are trying to debug your NSStream based SSL traffic in Charles Proxy for example. To set the proxy setting for the streams I simply use:
NSInputStream *inStream;
NSOutputStream *outStream;
//...assign the streams...
NSDictionary *proxySettings = CFBridgingRelease(CFNetworkCopySystemProxySettings());
[inStream setProperty:proxySettings forKey:NSStreamSOCKSProxyConfigurationKey];
[outStream setProperty:proxySettings forKey:NSStreamSOCKSProxyConfigurationKey];

Usage of rtmp-dump/librtmp

I am using compiled version of rtmp-dump from github in my iOS project. Following is the code to connect to the server.
rtmp = RTMP_Alloc();
RTMP_Init(rtmp);
NSString *url = @"rtmp://192.168.0.119:1935/red5/sw231/";
char *strUrl = (char *)[url cStringUsingEncoding:NSASCIIStringEncoding];
RTMP_SetupURL(rtmp, strUrl);
RTMP_Connect(rtmp, NULL);
Since the proper documentation of rtmp-dump OR lib-rtmp is not available I want to know the methods that I can use for the following functionalities.
I want to send an array of values while connecting. My query is by what method of rtmp-dump can I send values to the server when connecting?
How can I call certain methods of the server and pass parameters to the server?
How can I receive response from the server? As well as how can I implement client-side method invocation through rtmp-dump?
How can I explicitly provide the name of the stream which I want to play or listen to after connecting?
By using RTMP_Close(), will I be able to disconnect the connection?
I know this post was asked 12 months ago but this may be useful.
Download this and see the examples of usage of librtmp. I don't know why this library has no documentation, but following those examples can help you a bit.

Does iOS support TLS compression?

I need to compress data sent over a secure channel in my iOS app and I was wondering if I could use TLS compression for the same. I am unable to figure out if Apple's TLS implementation, Secure Transport, supports the same.
Does anyone else know if TLS compression is supported in iOS or not?
I was trying to determine if Apple's implementation of SSL/TLS did support compression, but I have to say that I am afraid it does not.
At first I was hopeful that, there being an errSSLPeerDecompressFail error code, there had to be a way to enable the compression. But I could not find it.
The first obvious reason that Apple doesn’t support compression is several wire captures I did from my device (6.1) opening secure sockets in different ports. In all of them the Client Hello packet reported only one compression method: null.
Then I looked at the last available code for libsecurity_ssl available from Apple. This is the implementation from Mac OS X 10.7.5, but something tells me that the iOS one will be very similar, if not the same, but surely it will not be more powerful than the Mac OS X one.
You can find in the file sslHandshakeHello.c, lines 186-187 (SSLProcessServerHello):
if (*p++ != 0) /* Compression */
return unimpErr;
That error code sounds a lot like “if the server sends another compression but null (0), we don’t implement that, so fail”.
Again, the same file, line 325 (SSLEncodeClientHello):
*p++ = 0; /* null compression */
And nothing else around (DEFLATE is the method 1, according to RFC 3749).
Below, lines 469, 476 and 482-483 (SSLProcessClientHello):
compressionCount = *(charPtr++);
...
/* Ignore list; we're doing null */
...
/* skip compression list */
charPtr += compressionCount;
I think it is pretty clear that this implementation only handles the null compression: it is the only one sent in the Client Hello, the only one understood in the Server Hello, and the compression methods are ignored when the Client Hello is received (null must be implemented and offered by every client).
So I think both you and I have to implement application level compression. Good luck.
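Since the answer ends at "implement application level compression", here is an added example (not the answerer's code) of doing that with the zlib that ships with iOS: the request body is gzip-compressed and sent with a Content-Encoding header. The function names GzipData and CompressedPostRequest are my own. The design choice worth noticing is that the bearer token goes in a header, outside the compressed bytes: compressing a secret together with data an attacker can influence leaks the secret through the ciphertext length (the CRIME/BREACH class of issues), and that applies to application-level compression exactly as it does to TLS compression.

```objective-c
#import <Foundation/Foundation.h>
#import <zlib.h>

// Gzip-compresses input with zlib. windowBits 15 + 16 selects the gzip wrapper
// instead of raw zlib framing. Returns nil if zlib reports an error.
static NSData *GzipData(NSData *input) {
    if (input.length == 0) return [NSData data];
    z_stream strm;
    memset(&strm, 0, sizeof(strm));
    if (deflateInit2(&strm, Z_DEFAULT_COMPRESSION, Z_DEFLATED, 15 + 16, 8, Z_DEFAULT_STRATEGY) != Z_OK) {
        return nil;
    }
    // deflateBound gives an upper bound on the output size for this stream's framing.
    NSMutableData *out = [NSMutableData dataWithLength:deflateBound(&strm, (uLong)input.length)];
    strm.next_in   = (Bytef *)input.bytes;
    strm.avail_in  = (uInt)input.length;
    strm.next_out  = out.mutableBytes;
    strm.avail_out = (uInt)out.length;
    int rc = deflate(&strm, Z_FINISH);   // single call: the whole input fits in one pass
    uLong produced = strm.total_out;
    deflateEnd(&strm);
    if (rc != Z_STREAM_END) return nil;
    out.length = produced;
    return out;
}

// Builds a POST whose body is compressed at the application layer. The token
// deliberately travels in a header, not inside the compressed body, so its
// length is never mixed with body content a remote party might control.
static NSMutableURLRequest *CompressedPostRequest(NSURL *url, NSData *body, NSString *token) {
    NSData *compressed = GzipData(body);
    if (!compressed) return nil;
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    req.HTTPMethod = @"POST";
    req.HTTPBody = compressed;
    [req setValue:@"gzip" forHTTPHeaderField:@"Content-Encoding"];
    [req setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [req setValue:[@"Bearer " stringByAppendingString:token] forHTTPHeaderField:@"Authorization"];
    return req;
}

// Usage (constructed sample body; the URL and token are placeholders):
// NSData *body = [@"{\"items\":[1,2,3]}" dataUsingEncoding:NSUTF8StringEncoding];
// NSMutableURLRequest *req = CompressedPostRequest([NSURL URLWithString:@"https://example.invalid/api"],
//                                                  body, @"<token>");
```

The server has to be prepared to accept Content-Encoding: gzip on requests; unlike response compression, that is not negotiated automatically. Link the binary against libz (libz.tbd or -lz) for the zlib symbols.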

What are alternatives to NSURLConnection for chunked transfer encoding

I've checked for other questions relevant to this, but the only answer is "Use ASIHTTPRequest". As this is no longer being developed, I wanted to ask what alternatives people are using. Whilst working on our SDK I came across a lot of strange behaviour in NSURLConnection when receiving data from the server.
We tracked it down to the fact that NSURLConnection doesn't deal well with responses in chunked-encoding. Or at least so we read in this question here NSURLConnection and "chunked" transfer-coding
Some developers we were talking to say it gets better in iOS 5, we need to make sure that our SDK is backwards compatible with iOS 4.3 at least.
I want to confirm this is in fact an issue in NSURLConnection, and how people are dealing with it.
All the alternatives I've found so far are based off of NSURLConnection and I'm assuming as such will have the same flaw. ASIHTTPRequest did in fact work because it's based a little lower than NSURLConnection, but we're looking for alternatives in the knowledge it's no longer supported.
A list of other libraries looked at are:
Restkit,
ShareKit,
LRResty,
AFNetworking,
TTURLRequest
I'm aware there are similar questions here Is RESTKit a good replacement for ASIHTTPRequest? and here ASIHTTPRequest alternative But both of the solutions are based off NSURLConnection.
EDIT: I noticed I pointed to the wrong question at the start of my post, so that's updated. It points to a thread from 2008, and I've seen similar ones but none that are recent.
Chunked transfers are supported by NSURLConnection. I use them.
Define some props:
NSMutableData * responseData;
NSURLConnection * connection;
Establish a connection
NSURL *url = [NSURL URLWithString:@"...."];
self.responseData = [[NSMutableData alloc] initWithLength:0] ;
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url];
self.connection = [[NSURLConnection alloc] initWithRequest:request delegate:self startImmediately:YES];
Register your callback method for connection established
- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response {
// You may have received an HTTP 200 here, or not...
[responseData setLength:0];
}
Register your callback method for "chunk received"
- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {
    [responseData appendData:data];   // accumulate the chunk
    NSString *aStr = [[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding];
    NSLog(@"This is my first chunk %@", aStr);
    [aStr release];
}
Register your "connection finished" callback:
- (void)connectionDidFinishLoading:(NSURLConnection *)connection {
    self.connection = nil;   // drop the retained reference instead of releasing the delegate argument
}
And finally, register your "connection failed" callback:
- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error {
    NSLog(@"Something went wrong...");
}
Just to chime in for the next person that gets here and still can't get NSURLConnection to work with chunk encoded data.
NSURLConnection will work with chunked encoding, but has undisclosed internal behaviour such that it will buffer the first 512 bytes before it opens the connection and lets anything through IF the Content-Type in the response header is "text/html" or "application/octet-stream". This pertains to iOS 7 at least.
However it doesn't buffer the response if Content-Type is set to "text/json". So, whoever can't get chunked encoded NSURLConnection responses to work (i.e. callbacks aren't called) should check the response header and change it on the server to "text/json" if it doesn't break application behaviour in some other way.
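To tell a genuine chunked-encoding problem apart from the buffering described in this answer, it helps to record when each chunk actually reaches the delegate. The following is an added example (not the answerer's code): a small NSURLConnection delegate, named ChunkProbe here, that logs the response's Transfer-Encoding and Content-Type and timestamps every didReceiveData: call, so a single late arrival carrying the whole body can be distinguished from chunks spread over time. The class and property names are my own.

```objective-c
#import <Foundation/Foundation.h>

// Delegate that records when each chunk arrives. Chunks spread over time mean
// the connection is streaming; one arrival with the whole body (or a first
// arrival only after several hundred bytes) points at buffering instead.
@interface ChunkProbe : NSObject <NSURLConnectionDataDelegate>
@property (nonatomic, strong) NSMutableArray *arrivals;   // @{@"t": seconds since response, @"bytes": count}
@property (nonatomic, assign) NSTimeInterval start;
@property (nonatomic, strong) NSString *transferEncoding;
@property (nonatomic, strong) NSString *contentType;
@end

@implementation ChunkProbe

- (void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response {
    self.start = [NSDate timeIntervalSinceReferenceDate];
    self.arrivals = [NSMutableArray array];
    if ([response isKindOfClass:[NSHTTPURLResponse class]]) {
        NSDictionary *headers = [(NSHTTPURLResponse *)response allHeaderFields];
        self.transferEncoding = headers[@"Transfer-Encoding"];   // "chunked" for a chunked response
        self.contentType = headers[@"Content-Type"];
    }
}

- (void)connection:(NSURLConnection *)connection didReceiveData:(NSData *)data {
    NSTimeInterval t = [NSDate timeIntervalSinceReferenceDate] - self.start;
    [self.arrivals addObject:@{ @"t": @(t), @"bytes": @(data.length) }];
}

- (void)connectionDidFinishLoading:(NSURLConnection *)connection {
    NSLog(@"Transfer-Encoding=%@ Content-Type=%@ arrivals=%lu",
          self.transferEncoding, self.contentType, (unsigned long)self.arrivals.count);
    for (NSDictionary *a in self.arrivals) {
        NSLog(@"+%.3fs %@ bytes", [a[@"t"] doubleValue], a[@"bytes"]);
    }
}

- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error {
    NSLog(@"Failed: %@", error);
}

@end

// Usage: keep the probe alive for the lifetime of the connection (the URL is a placeholder).
// ChunkProbe *probe = [ChunkProbe new];
// NSURLRequest *req = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://example.invalid/stream"]];
// NSURLConnection *conn = [[NSURLConnection alloc] initWithRequest:req delegate:probe startImmediately:YES];
```

Run it once against the server as configured and once with the Content-Type changed as this answer suggests; if the arrival pattern changes while the bytes on the wire do not, the buffering is on the client side and the server's chunked encoding is fine.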
There aren't any alternatives I'm aware of.
All the other libraries are built on top of NSURLConnection. Though you could use one of the non-iOS libraries, e.g. libcurl.
ASIHTTPRequest is the only library I'm aware of that's built on top of the CFNetworking layer instead. This was (perhaps indirectly) the main reason the original developer stopped working on it - because it doesn't use NSURLConnection it has a lot of code.
It's probably not strictly correct to say that ASIHTTPRequest is no longer supported. It is true that the original developer no longer works on it, but if you look at the github commits you'll see it is still being worked on by other people. A lot of people still use it, for various reasons, myself included.
Having said all that, to go back to the problem you have: I'm not sure a 3 year old thread is necessarily a definitive reference to prove that a 1 year old release (ie. iOS 4.3) of NSURLConnection doesn't support chunked transfers. Chunked transfers are used so much on the web that it seems highly unlikely it would have a problem this large and obvious. It's possible there is something very particular to the server that you're using that is causing the issue.
