0

What is the correct way to create an SSL socket connection in iOS?

I've implemented an SSL server in Java by:

  • creating an SSL certificate with a store password
  • loading it by setting the system properties "javax.net.ssl.keyStore" and "javax.net.ssl.keyStorePassword"
  • creating an SSLServerSocket with the SSLServerSocket factory

Now I want to create a client app which opens a socket connection in a thread and communicates over that. What is the proper way to create such a connection and do the communication with my server's certificate?

maxdev

2 Answers

2

You can use NSInputStream and NSOutputStream to connect using TLS as per the answer to this question.

EDIT: Rather than use the SSL settings in that answer, I would suggest this:

NSDictionary *settings = @{ 
    (__bridge NSString *)kCFStreamPropertySocketSecurityLevel:(__bridge NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL 
};

This uses the following defaults:

kCFStreamSSLAllowsExpiredCertificates:  NO
kCFStreamSSLAllowsAnyRoot: NO
kCFStreamSSLValidatesCertificateChain: YES

If you want to set the security level to use a particular version of SSL or TLS, take a look at the values in CFSocketStream.h.

neilco
  • Thanks, but is it safe to use _kCFStreamSSLAllowsAnyRoot_? – maxdev Dec 08 '13 at 21:11
  • Safe, yes because it's a valid option. Is it secure? No. – neilco Dec 08 '13 at 21:16
  • So then.. what would be the right way to create a _secure_ connection? ;) – maxdev Dec 08 '13 at 21:18
  • Okay, so far so good, but as my streams do not allow "any root" anymore, how do I make my server's SSL certificate to be allowed? – maxdev Dec 08 '13 at 21:52
  • If you need to allow any root, then apply that setting. If you want to use a custom root certificate, ensure it's in the keychain on your device. – neilco Dec 08 '13 at 21:55
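One way to accept only your own server's certificate without allowing any root, shown as an added example that is not code from either answer: the stream's built-in chain check is replaced by an explicit evaluation against a CA certificate shipped in the app bundle. The class name `TLSClient`, the bundled file `server-ca.der`, and the host and port arguments are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
// Added example: TLSClient and "server-ca.der" are hypothetical names.
@interface TLSClient : NSObject <NSStreamDelegate>
@property (strong) NSInputStream *input;
@property (strong) NSOutputStream *output;
@property (copy) NSString *host;
@property BOOL trusted;
@end
@implementation TLSClient
- (void)connectToHost:(NSString *)host port:(UInt32)port {
    self.host = host;
    CFReadStreamRef r = NULL; CFWriteStreamRef w = NULL;
    CFStreamCreatePairWithSocketToHost(NULL, (__bridge CFStringRef)host, port, &r, &w);
    self.input = (__bridge_transfer NSInputStream *)r;
    self.output = (__bridge_transfer NSOutputStream *)w;
    // The built-in chain check is disabled only because -serverIsTrusted
    // replaces it before any application data is written.
    NSDictionary *ssl = @{ (__bridge NSString *)kCFStreamSSLValidatesCertificateChain: @NO };
    for (NSStream *s in @[self.input, self.output]) {
        [s setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
        [s setProperty:ssl forKey:(__bridge NSString *)kCFStreamPropertySSLSettings];
        s.delegate = self;
        [s scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
        [s open];   // the calling thread must keep its run loop running
    }
}
// Evaluate the peer's chain against the bundled CA only, including the host name.
- (BOOL)serverIsTrusted {
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server-ca" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef ca = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    SecTrustRef trust = (__bridge SecTrustRef)[self.output propertyForKey:(__bridge NSString *)kCFStreamPropertySSLPeerTrust];
    if (ca == NULL || trust == NULL) { if (ca) CFRelease(ca); return NO; }
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)self.host);
    SecTrustSetPolicies(trust, policy);
    SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[(__bridge id)ca]);
    BOOL ok = SecTrustEvaluateWithError(trust, NULL);   // iOS 12 or later
    CFRelease(policy); CFRelease(ca);
    return ok;
}
- (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)event {
    if (event == NSStreamEventHasSpaceAvailable && !self.trusted) {
        self.trusted = [self serverIsTrusted];   // handshake done, nothing sent yet
        if (!self.trusted) { [self.input close]; [self.output close]; }
    }
    // Write to self.output and read from self.input only while self.trusted is YES.
}
@end
```

The host passed to `connectToHost:port:` must match a name in the server certificate, otherwise the evaluation fails and the streams are closed.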
-1

There is no need to create a certificate if you are making a client app, not a server one. To do it in iOS, there are a number of ways; the simplest is to use the AFNetworking library. Just put the URL (https) inside one of its methods, and you are ready. I used it many times. Just spend 5 mins to read the doc.

gdm
  • `SSLServerSocket` is, as one would imagine, a socket server and not a web server. – neilco Dec 08 '13 at 21:06
  • @guiseppe I don't want to create just a client that opens some kind of HTTPS connection. I want to create an SSL socket connection to my own Java server where I can't send plain bytes... – maxdev Dec 08 '13 at 21:06