I am trying to encrypt peer-to-peer communication using a TLS handshake, which uses the startTLS method of the GCDAsyncSocket library.
Bonjour services are published by the server and the client connects to the published host name. After the socket connection is established, I am calling startTLS for the server as shown below.
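    NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];
    // Act as the server side of the TLS handshake.
    [settings setObject:[NSNumber numberWithBool:YES]
                 forKey:(NSString *)kCFStreamSSLIsServer];
    // certs is expected to be a CFArrayRef holding the server identity and any chain certificates.
    [settings setObject:(__bridge id _Nonnull)(certs)
                 forKey:(NSString *)kCFStreamSSLCertificates];
    CFRelease(certs); // the dictionary keeps its own reference to the array
    // 8 == kTLSProtocol12: the server accepts nothing below TLS 1.2.
    settings[GCDAsyncSocketSSLProtocolVersionMin] = [NSNumber numberWithInteger:8];
    [connectedSockets addObject:newSocket];
    [newSocket startTLS:settings];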
On the client side, below are the settings I am using.
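    NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];
    // 4 == kTLSProtocol1, 8 == kTLSProtocol12: the client offers TLS 1.0 through TLS 1.2.
    settings[GCDAsyncSocketSSLProtocolVersionMin] = [NSNumber numberWithInteger:4];
    settings[GCDAsyncSocketSSLProtocolVersionMax] = [NSNumber numberWithInteger:8];
    // With manual trust evaluation enabled, the delegate must implement
    // socket:didReceiveTrust:completionHandler: and decide whether to trust the peer.
    [settings setObject:[NSNumber numberWithBool:YES]
                 forKey:GCDAsyncSocketManuallyEvaluateTrust];
    // certs is expected to be a CFArrayRef holding the client identity and any chain certificates.
    [settings setObject:(__bridge id _Nonnull)(certs)
                 forKey:(NSString *)kCFStreamSSLCertificates];
    [sock startTLS:settings];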
After this, the handshake started between client and server.
I was debugging the data transfer between these two with the help of Wireshark.
In the Wireshark log it shows the handshake is happening with the TCP protocol, not with TLS.
I want the handshake to happen over the TLSv1.2 protocol. Attaching the screenshot for the same.
Can anybody help me with sample code?
I was able to figure out what the issue was. It was a problem with Wireshark. In Wireshark the secure port is 443, but for the Bonjour service the port is local, so I hardcoded the port for the Bonjour services, for example 12120, and published the Bonjour services.
Now in Wireshark, under Edit->Preferences->Protocol->HTTP, I changed the secure port to 12120; after this Wireshark started showing the proper log, such as client hello and server hello etc., over TLSv1.2. Thank you all for the support.
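
Whether a connection is TLS can also be checked from the first bytes of the TCP payload, independent of the port a dissector is bound to. The Python sketch below is an added example, not part of the original post: the function names and the sample ClientHello bytes are constructed for illustration, and it assumes the hello fits in a single TLS record.

```python
import struct

# Constructed illustration: names and sample bytes are not from the post.
# TLS 1.3 also uses 0x0303 in these fields and signals itself in an extension.
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
HELLOS = {1: "ClientHello", 2: "ServerHello"}

def classify_tls_payload(payload: bytes):
    """Return (hello_name, record_version, hello_version) when the payload
    starts with a TLS handshake record carrying a hello, else None."""
    if len(payload) < 11:  # 5-byte record hdr + 4-byte handshake hdr + 2-byte version
        return None
    content_type, rec_ver, rec_len = struct.unpack("!BHH", payload[:5])
    # ContentType 22 = handshake; a plaintext record holds at most 2^14 bytes.
    if content_type != 22 or rec_ver not in VERSIONS or not 6 <= rec_len <= 2**14:
        return None
    hs_type = payload[5]
    hs_len = int.from_bytes(payload[6:9], "big")
    # Simplification (assumption): the hello is not fragmented across records.
    if hs_type not in HELLOS or hs_len + 4 > rec_len:
        return None
    (hello_ver,) = struct.unpack("!H", payload[9:11])
    if hello_ver not in VERSIONS:
        return None
    return HELLOS[hs_type], VERSIONS[rec_ver], VERSIONS[hello_ver]

def build_sample_client_hello() -> bytes:
    """Constructed minimal TLS 1.2 ClientHello (zero random, one cipher suite)."""
    body = (b"\x03\x03"            # client_version = TLS 1.2
            + bytes(32)            # random
            + b"\x00"              # empty session_id
            + b"\x00\x02\xc0\x2f"  # one cipher suite
            + b"\x01\x00")         # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    # Constructed flows: first payload bytes keyed by destination port.
    flows = {12120: build_sample_client_hello(), 8080: b"GET / HTTP/1.1\r\n\r\n"}
    for port, first_bytes in flows.items():
        print(port, classify_tls_payload(first_bytes))
```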