2

enter image description hereI trying to encrypt peer to peer communication using TLS handshake which uses startTLS method of GCDAsyncSocket library. Bonjour services are published by server and client connects to published host name. After the socket connection is established i am calling startTLS for server as shown below.

[settings setObject:[NSNumber numberWithBool:YES]
             forKey:(NSString *)kCFStreamSSLIsServer];
[settings setObject:(__bridge id _Nonnull)(certs)
             forKey:(NSString *)kCFStreamSSLCertificates];
CFRelease(certs);
settings[GCDAsyncSocketSSLProtocolVersionMin] = [NSNumber numberWithInteger:8];

[connectedSockets addObject:newSocket];
[newSocket startTLS:settings];

and client side below is the setting i am using.

    NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];
    settings[GCDAsyncSocketSSLProtocolVersionMin] = [NSNumber numberWithInteger:4];
    settings[GCDAsyncSocketSSLProtocolVersionMax] = [NSNumber numberWithInteger:8];
    [settings setObject:[NSNumber numberWithBool:YES]
                 forKey:GCDAsyncSocketManuallyEvaluateTrust];
    [settings setObject:(__bridge id _Nonnull)(certs)
                 forKey:(NSString *)kCFStreamSSLCertificates];
    [sock startTLS:settings];

After this handshake started between client and server. I was debugging the data transfer between these two with the help of wireshark. In wireshark log it shows the handshake is happening with TCP protocol not with TLS. I want the handshake should happen over TLSv1.2 protocol. Attaching the screen shot for the same. Can any body help me with sample code.

Jitendra Modi
  • 2,344
  • 12
  • 34
Gyanendra
  • 361
  • 2
  • 15
  • You should probably read about SSL/TLS and what handshake is. Handshake is what is required to setup TLS tunnel. It has to be done over open TCP channel, no other way around it. The only way to do handshake over TLS is to start TLS inside already established TLS tunnel. – creker Oct 10 '16 at 11:23
  • @creker Ok so ssl handshake will happen only over TCP protocol. Can you please let me know when TLSv1.2 protocol will come in the picture. – Gyanendra Oct 10 '16 at 11:28
  • after successful handshake – creker Oct 10 '16 at 11:33
  • @creker thanks after handshake if i will write any data to the socket in wireshark it should show TLSv1.2? Even if i write some data to the socket after successful handshake it shows as TCP protocol only. – Gyanendra Oct 10 '16 at 11:42

1 Answers1

0

I was able to figure out what was the issue. It was problem with wireshark. In wireshark the secure port is 443, but for bonjour service the port is local so i hardcoded the port for bonjour services for ex 12120 and published the bonjour services.

Now in wireshark Edit->Preferences->Protocol->HTTP changed the secure port to 12120 after this wireshark started showing the proper log such as client hello and server hello etc over TLSv1.2. Thank you all for the support.

Gyanendra
  • 361
  • 2
  • 15