8

SOLVED (following answer)

I am using the Starscream library to create a secure websocket (wss). On the test server we have a self-signed certificate, and I find it impossible to make the connection.

var socket = WebSocket(url: NSURL(scheme: "wss", host: "selfsignedserver.com", path: "/")!)

Log

2014-12-16 10:38:10.260 pruebasignin[2135:363455] CFNetwork SSLHandshake failed (-9807)
websocket is disconnected: The operation couldn’t be completed. (OSStatus error -9807.)

And when I try to connect to a server with a valid certificate, it also fails to connect. SOLVED

var socket = WebSocket(url: NSURL(scheme: "wss", host: "production.com", path: "/")!)

Log

websocket is disconnected: Invalid HTTP upgrade
Ch4vi

2 Answers

3

Starscream now supports a flag so you can use self-signed certificates: https://github.com/daltoniam/Starscream/blob/bf0146db269249d200bb3bc4185cb5724cfa2ae8/README.md#self-signed-ssl-and-voip

(Edited for posterity; links to the README that was published as of April 2016)

Bart van Kuik
2

I solved the problem by modifying the Starscream library to allow self-signed certificates. To do this, the following code must be added to the file WebSocket.swift:

if url.scheme == "wss" || url.scheme == "https" {
    inputStream!.setProperty(NSStreamSocketSecurityLevelNegotiatedSSL, forKey: NSStreamSocketSecurityLevelKey)
    outputStream!.setProperty(NSStreamSocketSecurityLevelNegotiatedSSL, forKey: NSStreamSocketSecurityLevelKey)

    /* My code */
    var settings = Dictionary<NSObject, NSObject>()
    // Turns off certificate chain validation: any certificate is accepted
    settings[kCFStreamSSLValidatesCertificateChain] = NSNumber(bool:false)
    // Turns off the check of the certificate's name against the host
    settings[kCFStreamSSLPeerName] = kCFNull

    CFReadStreamSetProperty(self.inputStream, kCFStreamPropertySSLSettings, settings)
    CFWriteStreamSetProperty(self.outputStream, kCFStreamPropertySSLSettings, settings)
    /* End my code */
}
Ch4vi
  • The problem here is: a man-in-the-middle attack is easy to perform and you gain nothing from this certificate. This "allow all and don't check at all" mentality seems to be normal... using this in production could bring you some trouble. You should look for a way to add your certificate to your cert chain and verify against it – geo Feb 03 '15 at 11:11
  • @geo Yes, you are right, but in my case it's only for test servers, we have a certificate only on the production server. – Ch4vi Feb 19 '15 at 19:17
  • What do you use for the server side? – uchuugaka Jun 25 '15 at 06:37
  • This is already done in the library now, by setting the flag `selfSignedSSL = true` to your WebSocket object. – esh Jul 27 '16 at 02:41
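One way to do what geo's comment suggests, written in current Swift as an added example that is not part of the original answers or of Starscream: with the stream's built-in chain validation switched off as in the answer above, the peer trust is evaluated by hand against the test server's own certificate as the only anchor, with the hostname check kept on. The function names and the `pinnedDER` parameter (the DER bytes of the self-signed certificate, shipped with the app) are assumptions made for this example.

```swift
import Foundation
import Security

/// Evaluates the server's trust object against one pinned certificate only.
/// `pinnedDER` (assumed name) holds the DER encoding of the test server's
/// self-signed certificate.
func isTrusted(_ trust: SecTrust, host: String, pinnedDER: Data) -> Bool {
    guard let pinned = SecCertificateCreateWithData(nil, pinnedDER as CFData) else {
        return false  // not valid DER: fail closed
    }
    // Keep hostname checking on: the certificate must be issued for `host`.
    let policy = SecPolicyCreateSSL(true, host as CFString)
    guard SecTrustSetPolicies(trust, policy) == errSecSuccess,
          // Trust the pinned certificate as the only anchor...
          SecTrustSetAnchorCertificates(trust, [pinned] as CFArray) == errSecSuccess,
          // ...and ignore the system trust store for this evaluation.
          SecTrustSetAnchorCertificatesOnly(trust, true) == errSecSuccess else {
        return false
    }
    var error: CFError?
    return SecTrustEvaluateWithError(trust, &error)
}

/// Call from the stream delegate once the TLS handshake has produced a peer
/// trust, before any application data is written; close the streams on `false`.
func verifyPeer(of stream: Stream, host: String, pinnedDER: Data) -> Bool {
    let key = Stream.PropertyKey(rawValue: kCFStreamPropertySSLPeerTrust as String)
    guard let value = stream.property(forKey: key) else {
        return false  // no peer trust yet: treat as untrusted
    }
    let trust = value as! SecTrust  // Core Foundation type, so a forced cast
    return isTrusted(trust, host: host, pinnedDER: pinnedDER)
}
```

A certificate presented by anyone else, or one issued for a different host name, fails the evaluation, so the connection to the test server is still authenticated.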