> On Aug 30, 2015, at 1:29 PM, Motti Shneor <su...@bezeqint.net> wrote: > > However - I do not understand if I still need to encrypt the messages myself, > or whether ::CFWriteStreamWrite() (or its bridged [_outputStream > write:maxLength:] counterpart) should do it for me, when running with ATS > around? and If I need to do the encryption myself, What Cocoa/Cocoa-touch > APIs do I need to call to do this, in order to use the ATS recommended > encryption?
Just use the standard CFStream APIs to enable SSL. In a nutshell, you do this by setting the stream property kCFStreamPropertySSLSettings to a dictionary containing the specific settings. Once you do that, it’s all transparent: just open the streams and send/receive data. CFSocketStream.h declares all the necessary constants, with doc-comments, and I know Apple’s documentation explains in detail how to do all this, though I don’t have any URLs handy. (At a lower level you can use the SecureTransport API to do the SSL handshake and encryption explicitly, although it’s a lot more complex so I don’t think you’d want to, unless for some reason it makes it easier to replace your old SSL implementation.) > I could not find any sample code with CFNetwork only APIs that implements ATS > connections over TCP Don’t search for “ATS”, just search for “SSL"; the APIs for this have been around as long as OS X. There’s no programmatic API to ATS; the only change is that SSL is now required by default, and that there are some Info.plist keys to opt out of some of the requirements. —Jens
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/archive%40mail-archive.com This email sent to arch...@mail-archive.com
