iossslnsoutputstreamtls1.2

iOS NSOutputStream split data after first sign


We are currently developing a TLS-server-client-application. For testing the client send a command with the content "0001" and the server sends an answer.
The client send the data via the write-method of an NSOutputStream. When the data is send first time, it arrives completely. When I'm sending it a second or third time the data is split after the first byte. The server get first "0" and than the rest "001". I have no idea why it is split.

The communication looks like:
ServerConnect
send to server: 0001
receive from server: OK
send to server: 0
receive from server: error
send to server: 001
receive from server: error
send to server: 0
receive from server: error
send to server: 001
receive from server: error
ServerDisconnect

I hope someone can help me with this.

- (void)initNetworkCommunication:(NSString*)ns_IP :(UInt32)ui_Port :(BOOL)b_ValidateCertificate
{

    CFReadStreamRef readStream;
    CFWriteStreamRef writeStream;

    CFStreamCreatePairWithSocketToHost(NULL, (__bridge CFStringRef)ns_IP, ui_Port, &readStream, &writeStream);

    inputStream = (__bridge NSInputStream *)readStream;
    outputStream = (__bridge NSOutputStream *)writeStream;

    [inputStream setDelegate:(id)self];
    [outputStream setDelegate:(id)self];

    [inputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
    [outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];

    NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
                          [NSNumber numberWithBool:b_ValidateCertificate], kCFStreamSSLValidatesCertificateChain,
                          [NSNumber numberWithBool:YES], kCFStreamPropertyShouldCloseNativeSocket,
                          kCFNull,kCFStreamSSLPeerName,
                          kCFStreamSocketSecurityLevelSSLv3, kCFStreamSSLLevel,
                          nil];

    CFReadStreamSetProperty((CFReadStreamRef)inputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
    CFWriteStreamSetProperty((CFWriteStreamRef)outputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);

    [inputStream open];
    [outputStream open];   
}
- (BOOL) sendData:(NSString*)ns_SendData :(NSUInteger)nui_bufferLength
{
  NSUInteger nui_length = [ns_SendData length];
  NSUInteger nui_chunkSize = nui_bufferLength;
  NSUInteger nui_offset = 0;
  long l_Result;

  NSString *ns_response  = [NSString stringWithFormat:@"%@", ns_SendData];
  NSData *nd_data = [[NSData alloc] initWithData:[ns_response dataUsingEncoding:NSASCIIStringEncoding]];

  // a  none-ASCII-symbol exists
  if ([nd_data length] == 0)
    return FALSE;

  // split the data
  do {
    NSUInteger nui_thisChunkSize = nui_length - nui_offset > nui_chunkSize ? nui_chunkSize : nui_length - nui_offset;
    NSData* chunk = [NSData dataWithBytesNoCopy:(char *)[nd_data bytes] + nui_offset
                                         length:nui_thisChunkSize
                                   freeWhenDone:NO];
    nui_offset += nui_thisChunkSize;

    // send data to server
    l_Result = [outputStream write:[chunk bytes] maxLength:[chunk length]];
    NSLog(@"%s - %lu", __PRETTY_FUNCTION__, l_Result);

    if (l_Result == -1) {
        NSLog(@"error sending data");
        return false;
    }

  } while (nui_offset < nui_length);

  return true;
}

Solution

  • The problem is solved by using TLS 1.2. See the AppTechnical Note TN2287

        const void* keys[] = { kCFStreamSSLValidatesCertificateChain,   kCFStreamSSLLevel };
        // New CFString values available only on iOS 5:
        // (if these values are used on versions before iOS 5, then will
        //    default to max TLS 1.0, min SSLv3)
        // kCFStreamSocketSecurityLevelTLSv1_0SSLv3 configures max TLS 1.0, min SSLv3
        // (same as default behavior on versions before iOS 5).
        // kCFStreamSocketSecurityLevelTLSv1_0 configures to use only TLS 1.0.
        // kCFStreamSocketSecurityLevelTLSv1_1 configures to use only TLS 1.1.
        // kCFStreamSocketSecurityLevelTLSv1_2 configures to use only TLS 1.2.
        const void* values[] = { CFSTR("kCFBooleanTrue"), CFSTR("kCFStreamSocketSecurityLevelTLSv1_2") };
    
        CFDictionaryRef sslSettingsDict = CFDictionaryCreate(kCFAllocatorDefault, keys, values, 2,
                                                             &kCFTypeDictionaryKeyCallBacks,
                                                             &kCFTypeDictionaryValueCallBacks);
    
        CFReadStreamSetProperty(readStream, kCFStreamPropertySSLSettings, sslSettingsDict);
        CFWriteStreamSetProperty(writeStream, kCFStreamPropertySSLSettings, sslSettingsDict);
        CFRelease(sslSettingsDict);