Tags: ios, objective-c, tls1.2, bonjour, gcdasyncsocket

GCDAsyncSocket with Bonjour service: does startTLS initiate the TLS handshake?


I am trying to encrypt peer-to-peer communication using a TLS handshake, which uses the startTLS method of the GCDAsyncSocket library. Bonjour services are published by the server and the client connects to the published host name. After the socket connection is established I am calling startTLS for the server as shown below.

    // Server side. `certs` is the CFArray holding the server identity (and any
    // chain certificates), built earlier and not shown in the question.
    NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];
    [settings setObject:[NSNumber numberWithBool:YES]
                 forKey:(NSString *)kCFStreamSSLIsServer];
    [settings setObject:(__bridge id _Nonnull)(certs)
                 forKey:(NSString *)kCFStreamSSLCertificates];
    CFRelease(certs);
    // 8 == kTLSProtocol12 in the SSLProtocol enum: TLS 1.2 is the minimum version offered
    settings[GCDAsyncSocketSSLProtocolVersionMin] = [NSNumber numberWithInteger:8];

    [connectedSockets addObject:newSocket];
    [newSocket startTLS:settings];

and on the client side, below are the settings I am using.

    // Client side. `certs` is the client certificate array, built earlier and not shown.
    NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];
    // 4 == kTLSProtocol1, 8 == kTLSProtocol12: accept anything from TLS 1.0 up to TLS 1.2
    settings[GCDAsyncSocketSSLProtocolVersionMin] = [NSNumber numberWithInteger:4];
    settings[GCDAsyncSocketSSLProtocolVersionMax] = [NSNumber numberWithInteger:8];
    // With manual trust evaluation the delegate must implement
    // socket:didReceiveTrust:completionHandler: and decide whether to accept the server
    [settings setObject:[NSNumber numberWithBool:YES]
                 forKey:GCDAsyncSocketManuallyEvaluateTrust];
    [settings setObject:(__bridge id _Nonnull)(certs)
                 forKey:(NSString *)kCFStreamSSLCertificates];
    [sock startTLS:settings];

After this, the handshake started between client and server. I was debugging the data transfer between the two with the help of Wireshark. In the Wireshark log it shows the handshake happening over the TCP protocol, not TLS. I want the handshake to happen over the TLSv1.2 protocol. Attaching the screenshot for the same. Can anybody help me with sample code?
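The client settings above turn on GCDAsyncSocketManuallyEvaluateTrust, which hands certificate verification to the delegate; if that delegate simply answers YES, the connection is encrypted but the peer is never authenticated. The following is an added example, not code from the question, the answer, or the GCDAsyncSocket project, showing a client that pins both ends of the handshake to TLS 1.2 and accepts the server only when its leaf certificate matches a copy bundled with the app. The class name PinnedTLSClient and the idea of passing the pinned DER bytes in at init are assumptions for the example; the delegate methods and setting keys are GCDAsyncSocket's own.

```objectivec
// Added example: TLS 1.2 client with pinned server certificate on GCDAsyncSocket.
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "GCDAsyncSocket.h"

@interface PinnedTLSClient : NSObject <GCDAsyncSocketDelegate>
@property (nonatomic, strong) GCDAsyncSocket *socket;
// DER bytes of the server certificate we expect (assumed to be shipped inside the app bundle)
@property (nonatomic, strong) NSData *pinnedCertData;
@end

@implementation PinnedTLSClient

- (instancetype)initWithPinnedCertificate:(NSData *)derBytes {
    if ((self = [super init])) {
        _pinnedCertData = derBytes;
        _socket = [[GCDAsyncSocket alloc] initWithDelegate:self
                                             delegateQueue:dispatch_get_main_queue()];
    }
    return self;
}

// Host and port come from the resolved Bonjour service (e.g. the hardcoded 12120 in the answer)
- (BOOL)connectToHost:(NSString *)host port:(uint16_t)port error:(NSError **)error {
    return [self.socket connectToHost:host onPort:port error:error];
}

- (void)socket:(GCDAsyncSocket *)sock didConnectToHost:(NSString *)host port:(uint16_t)port {
    NSMutableDictionary *settings = [NSMutableDictionary dictionary];
    // kTLSProtocol12 is the SSLProtocol enum value 8 used in the question; fix min and max
    // to it so neither side can negotiate anything older than TLS 1.2
    settings[GCDAsyncSocketSSLProtocolVersionMin] = @(kTLSProtocol12);
    settings[GCDAsyncSocketSSLProtocolVersionMax] = @(kTLSProtocol12);
    // We evaluate the server's trust ourselves in socket:didReceiveTrust:completionHandler:
    settings[GCDAsyncSocketManuallyEvaluateTrust] = @YES;
    [sock startTLS:settings];
}

// Invoked during the handshake because manual trust evaluation is enabled.
// Calling completionHandler(YES) unconditionally would accept any certificate,
// so compare the presented leaf certificate byte-for-byte with the pinned copy.
- (void)socket:(GCDAsyncSocket *)sock
didReceiveTrust:(SecTrustRef)trust
completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler {
    BOOL trusted = NO;
    if (SecTrustGetCertificateCount(trust) > 0) {
        SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
        NSData *leafData = (NSData *)CFBridgingRelease(SecCertificateCopyData(leaf));
        trusted = [leafData isEqualToData:self.pinnedCertData];
    }
    completionHandler(trusted);
}

// Only reached after the handshake finished and the trust check above returned YES;
// application data should not be written before this point.
- (void)socketDidSecure:(GCDAsyncSocket *)sock {
    NSLog(@"TLS 1.2 handshake complete with pinned peer");
}

- (void)socketDidDisconnect:(GCDAsyncSocket *)sock withError:(NSError *)err {
    // A failed handshake or a rejected certificate ends up here with a non-nil error
    NSLog(@"socket closed: %@", err);
}

@end
```

A pinned DER blob has to be rotated together with the server certificate, so treat this as the strict option; the alternative of leaving GCDAsyncSocketManuallyEvaluateTrust off and instead setting GCDAsyncSocketSSLPeerName to the expected host name lets Secure Transport perform the chain and host-name check itself. Whichever route is chosen, socketDidSecure: is the reliable signal that the TLS handshake actually completed, independent of how a packet capture happens to label the port.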


Solution

  • I was able to figure out what the issue was. It was a problem with Wireshark. In Wireshark the secure port is 443, but for the Bonjour service the port is local, so I hardcoded the port for the Bonjour services, for example 12120, and published the Bonjour services.

    Now in Wireshark, under Edit->Preferences->Protocols->HTTP, I changed the secure port to 12120. After this Wireshark started showing the proper log, such as Client Hello and Server Hello etc., over TLSv1.2. Thank you all for the support.