Excellent news Ted, glad you are all up and running. Cheers,
--J On 7 January 2014 15:30, Ted Rogers <[email protected]> wrote: > Hey Jools, > > Thanks for your help on this. I decided to go with the defaults for all > the > settings for now and things seem to be working fine. > > Ted > > -----Original Message----- > From: Jools [mailto:[email protected]] > Sent: Wednesday, January 01, 2014 6:12 AM > To: [email protected] > Subject: Re: iOS SSL Thrift Connection > > Hi Ted, > > It really depends on the environment you are working in, where the clients > and servers are located and how you go about testing the code in your > development environment. > > You really need to make some time to understand how SSL works (Just google > it, there are lots of very well written pages) and map them back to the > StreamSocket settings. > > If the data is sensitive, then get some input from the business as they may > have contractual obligations which relate to how the data is transmitted. > > Hope that helps ! > > --Jools > > > > > On 31 December 2013 20:23, Ted Rogers <[email protected]> wrote: > > > Jools, > > > > Thanks for your help. > > > > I do have another question. I have been searching for examples of > > setting up SSL with sockets on iOS and they all have similar code > > which concerns me because it seems to reduce the security. > > > > After setting the NSStreamSocketSecurityLevelKey property, they also > > configure these settings like this: > > > > NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys: > > [NSNumber numberWithBool:YES], > > kCFStreamSSLAllowsExpiredCertificates, > > [NSNumber numberWithBool:YES], > > kCFStreamSSLAllowsAnyRoot, > > [NSNumber numberWithBool:NO], > > kCFStreamSSLValidatesCertificateChain, > > kCFNull,kCFStreamSSLPeerName, > > nil]; > > CFReadStreamSetProperty((CFReadStreamRef)inputStream, > > kCFStreamPropertySSLSettings, (CFTypeRef)settings); > > CFWriteStreamSetProperty((CFWriteStreamRef)outputStream, > > kCFStreamPropertySSLSettings, (CFTypeRef)settings); > > > > Do you know whether I should be messing with any of these settings or > > just leave them at their default value? > > > > Ted > > > > -----Original Message----- > > From: Jools [mailto:[email protected]] > > Sent: Tuesday, December 31, 2013 1:33 AM > > To: [email protected] > > Subject: Re: iOS SSL Thrift Connection > > > > Ted, > > > > I'm still using .6, as we've hacked it about so much I've not had time > > to merge my changes forward. > > > > I was just curious which version you are using. > > > > Best of luck, if you hit any issues post back here and I'm sure we'll > > be able to help. > > > > Cheers, > > > > --Jools > > > > > > > > On 30 December 2013 21:52, Ted Rogers <[email protected]> wrote: > > > > > Jools, > > > > > > Not sure of current version as I can't find the version number in > > > the source or headers but I figured I would make sure I was using > > > the latest which I believe is 0.9.1. > > > > > > Is there a reason to do more than setting the stream properties? > > > > > > Ted > > > > > > -----Original Message----- > > > From: Jools [mailto:[email protected]] > > > Sent: Monday, December 30, 2013 3:01 PM > > > To: [email protected] > > > Subject: Re: iOS SSL Thrift Connection > > > > > > Hi Ted, > > > > > > Yes, you can alter the stream properties to introduce SSL handshaking. > > > > > > Which version of thrift are you using ? > > > > > > --Jools > > > > > > > > > > > > > > > On 30 December 2013 19:31, Ted Rogers <[email protected]> wrote: > > > > > > > Jools, > > > > > > > > Thanks for the response. I am also using TNSFramedTransport. I > > > > inherited this code so I am hanging on by my fingertips. :) After > > > > doing some more research I was wondering whether it was enough to > > > > just set the security level on the streams before opening them by > > > > setting the NSStreamSocketSecurityLevelKey and > > > > kCFStreamPropertySSLSettings properties on the streams in > > TSocketClient. > > > > I assume that is not enough? > > > > Ted > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Mon, Dec 30, 2013 at 2:11 PM, Jools <[email protected]> wrote: > > > > > > > > > Hi Ted, > > > > > > > > > > I hit this exact problem a while back, and ended up creating a > > > > > my own transport using GCDAsyncSocket, as I also needed SSL > > > > > support along with Framed Transport. > > > > > > > > > > See https://github.com/robbiehanson/CocoaAsyncSocket for more > > > > information > > > > > on this rather nifty library. > > > > > > > > > > If you'd like access to the code, let me know and I'd be happy > > > > > to post it up. > > > > > > > > > > Regards, > > > > > > > > > > --Kools > > > > > > > > > > > > > > > On 30 December 2013 17:07, Ted Rogers <[email protected]> wrote: > > > > > > > > > > > > > > > > > I'm looking to secure an existing Thrift connection using SSL. > > > > > > I see libraries for doing this with Java using > > > > > > TSSLTransportFactory but I > > > > don't > > > > > > see any Cocoa source for this. > > > > > > > > > > > > Any suggestions on how I go about doing this? > > > > > > > > > > > > Ted > > > > > > > > > > > > > > > > > > > > >
