我试图使用GCDAsyncSocket写一个受弱保护的服务器(即我可以使用匿名密码连接到的东西)。我目前正在做的是:
绑定到端口并开始聆听
...
BOOL result = [serverSocket acceptOnPort:port error:&error];
...
然后,当指定端口上的连接到达时,我会在- (void)socket:(GCDAsyncSocket *)sender didAcceptNewSocket:(GCDAsyncSocket *)newSocket回调中收到它。在这里,我使用我的SSL / TLS设置创建一个字典:
NSMutableDictionary *settings = [[NSMutableDictionary alloc] init];
NSArray* ciphers = [[NSArray alloc] initWithObjects: [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_AES_256_CBC_SHA256], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_AES_256_CBC_SHA], [NSNumber
numberWithUnsignedInt:SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA] , [NSNumber
numberWithUnsignedInt:SSL_DH_anon_EXPORT_WITH_RC4_40_MD5] , [NSNumber
numberWithUnsignedInt:SSL_DH_anon_WITH_DES_CBC_SHA], [NSNumber
numberWithUnsignedInt:SSL_DH_anon_WITH_RC4_128_MD5], [NSNumber
numberWithUnsignedInt:SSL_NULL_WITH_NULL_NULL], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_3DES_EDE_CBC_SHA], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_AES_128_CBC_SHA], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_AES_128_CBC_SHA256], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_AES_128_GCM_SHA256], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_AES_256_GCM_SHA384], [NSNumber
numberWithUnsignedInt:TLS_DH_anon_WITH_RC4_128_MD5], nil]; //all anon ciphers
[settings setObject:ciphers forKey:GCDAsyncSocketSSLCipherSuites];
//this is a server
[settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString*)kCFStreamSSLIsServer];
[newSocket startTLS:settings]; //apply the settings to new connection
通过调用startTLS应用设置后,newSocket断开连接,- (void)socketDidDisconnect:(GCDAsyncSocket *)sock withError:(NSError *)error被调用,错误代码为9800(errSSLProtocol)。
问题:我做错了什么/不做什么?
我的猜测是,它与我没有指定的证书有关。但如果我正在做一个匿名密码,我是否需要指定证书?
答案 0 :(得分:0)
看起来我终于搞清楚了。上面的代码绝对正确。问题是我使用基于OpenSSL的客户端进行连接,默认使用SSLv2。事实证明,SSLv2在OpenSSL中有一个错误的实现,因此与同一协议的其他实现(例如Apple的实现)不完全兼容,即使它与使用OpenSSL的其他组件良好通信。通过强制客户端使用TLSv1(即使它可能是SSLv3)正确实现,解决了这个问题。