Tip: TCP and SSL

You may have noted in QA1652 that it is now possible to use NSStreams for your TCP communication needs even though the iPhone has no NSHost class, by leveraging the NSStream <-> CFStream toll-free bridge; but we’ll bet you didn’t know that you can encrypt them with SSL easily:

… The way that we enable SSL encryption is to simply use setProperty:forKey: on both streams, setting the key NSStreamSocketSecurityLevelKey to a value that specifies the version of SSL to use. If you want to tell NSStream to use the highest version supported in common with the remote connection, specify NSStreamSocketSecurityLevelKey. That’s what you’ll usually want…

However, that’s for a somewhat optimistic value of “easily”:

… This code will work if everything is perfect. However, by default, SSL support in NSStream is a little paranoid. It won’t, for example, use a self-signed certificate or an expired certificate to establish a secure connection. NSStream does a number of validity checks when establishing the secure connection, and if they don’t all pass, the streams appear to be valid, but no data gets sent or received. This is somewhat frustrating…

Read the whole article for further advice and sample code!
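
As an added illustration (not code from QA1652 or from the linked article), here is a minimal client that creates the stream pair through CFStream, sets the security level on both streams, and logs any stream error so a failed handshake is not mistaken for an idle connection. The class name `TLSStreamClient` is hypothetical, ARC is assumed, and the value used is Foundation's `NSStreamSocketSecurityLevelNegotiatedSSL` constant, which requests the highest level both ends support.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper class for this example; not part of any Apple sample.
@interface TLSStreamClient : NSObject <NSStreamDelegate>
@property (nonatomic, strong) NSInputStream *input;
@property (nonatomic, strong) NSOutputStream *output;
- (void)connectToHost:(NSString *)host port:(UInt32)port;
@end

@implementation TLSStreamClient

- (void)connectToHost:(NSString *)host port:(UInt32)port {
    CFReadStreamRef readStream = NULL;
    CFWriteStreamRef writeStream = NULL;
    // No NSHost on iPhone: create the socket pair with CFStream, then bridge.
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault,
                                       (__bridge CFStringRef)host, port,
                                       &readStream, &writeStream);
    if (readStream == NULL || writeStream == NULL) {
        if (readStream) CFRelease(readStream);
        if (writeStream) CFRelease(writeStream);
        return;
    }
    self.input = (__bridge_transfer NSInputStream *)readStream;
    self.output = (__bridge_transfer NSOutputStream *)writeStream;

    for (NSStream *stream in @[self.input, self.output]) {
        // Set before -open so the handshake runs when the connection opens.
        [stream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL
                     forKey:NSStreamSocketSecurityLevelKey];
        stream.delegate = self;
        [stream scheduleInRunLoop:[NSRunLoop currentRunLoop]
                          forMode:NSDefaultRunLoopMode];
        [stream open];
    }
}

- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode {
    if (eventCode == NSStreamEventErrorOccurred) {
        // Log whatever error the stream reports, then tear both streams down.
        NSError *error = stream.streamError;
        NSLog(@"Stream error %@ (%ld): %@", error.domain,
              (long)error.code, error.localizedDescription);
        [self.input close];
        [self.output close];
    }
}

@end
```

Certificate validation is left at its default here, so a self-signed or expired server certificate will still fail the connection; the delegate's log line is what tells you why.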
