thrift-user mailing list archives

From Jools <jool...@gmail.com>
Subject Re: iOS SSL Thrift Connection
Date Tue, 07 Jan 2014 17:14:36 GMT
Excellent news Ted, glad you are all up and running.

Cheers,

--J


On 7 January 2014 15:30, Ted Rogers <tedrog36@gmail.com> wrote:

> Hey Jools,
>
> Thanks for your help on this.  I decided to go with the defaults for all the
> settings for now and things seem to be working fine.
>
> Ted
>
> -----Original Message-----
> From: Jools [mailto:joolski@gmail.com]
> Sent: Wednesday, January 01, 2014 6:12 AM
> To: user@thrift.apache.org
> Subject: Re: iOS SSL Thrift Connection
>
> Hi Ted,
>
> It really depends on the environment you are working in, where the clients
> and servers are located and how you go about testing the code in your
> development environment.
>
> You really need to make some time to understand how SSL works (Just google
> it, there are lots of very well written pages) and map them back to the
> StreamSocket settings.
>
> If the data is sensitive, then get some input from the business as they may
> have contractual obligations which relate to how the data is transmitted.
>
> Hope that helps !
>
> --Jools
>
>
>
>
> On 31 December 2013 20:23, Ted Rogers <tedrog36@gmail.com> wrote:
>
> > Jools,
> >
> > Thanks for your help.
> >
> > I do have another question.  I have been searching for examples of
> > setting up SSL with sockets on iOS and they all have similar code
> > which concerns me because it seems to reduce the security.
> >
> > After setting the NSStreamSocketSecurityLevelKey property, they also
> > configure these settings like this:
> >
> > NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
> >     [NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
> >     [NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
> >     [NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
> >     kCFNull, kCFStreamSSLPeerName,
> >     nil];
> > CFReadStreamSetProperty((CFReadStreamRef)inputStream,
> >     kCFStreamPropertySSLSettings, (CFTypeRef)settings);
> > CFWriteStreamSetProperty((CFWriteStreamRef)outputStream,
> >     kCFStreamPropertySSLSettings, (CFTypeRef)settings);
> >
> > Do you know whether I should be messing with any of these settings or
> > just leave them at their default value?
> >
> > Ted
> >
> > -----Original Message-----
> > From: Jools [mailto:joolski@gmail.com]
> > Sent: Tuesday, December 31, 2013 1:33 AM
> > To: user@thrift.apache.org
> > Subject: Re: iOS SSL Thrift Connection
> >
> > Ted,
> >
> > I'm still using .6, as we've hacked it about so much I've not had time
> > to merge my changes forward.
> >
> > I was just curious which version you are using.
> >
> > Best of luck, if you hit any issues post back here and I'm sure we'll
> > be able to help.
> >
> > Cheers,
> >
> > --Jools
> >
> >
> >
> > On 30 December 2013 21:52, Ted Rogers <tedrog36@gmail.com> wrote:
> >
> > > Jools,
> > >
> > > Not sure of current version as I can't find the version number in
> > > the source or headers but I figured I would make sure I was using
> > > the latest which I believe is 0.9.1.
> > >
> > > Is there a reason to do more than setting the stream properties?
> > >
> > > Ted
> > >
> > > -----Original Message-----
> > > From: Jools [mailto:joolski@gmail.com]
> > > Sent: Monday, December 30, 2013 3:01 PM
> > > To: user@thrift.apache.org
> > > Subject: Re: iOS SSL Thrift Connection
> > >
> > > Hi Ted,
> > >
> > > Yes, you can alter the stream properties to introduce SSL handshaking.
> > >
> > > Which version of thrift are you using ?
> > >
> > > --Jools
> > >
> > >
> > >
> > >
> > > On 30 December 2013 19:31, Ted Rogers <tedrog36@gmail.com> wrote:
> > >
> > > > Jools,
> > > >
> > > > Thanks for the response.  I am also using TNSFramedTransport.  I
> > > > inherited this code so I am hanging on by my fingertips. :) After
> > > > doing some more research I was wondering whether it was enough to
> > > > just set the security level on the streams before opening them by
> > > > > setting the NSStreamSocketSecurityLevelKey and
> > > > > kCFStreamPropertySSLSettings properties on the streams in
> > > > > TSocketClient.
> > > > > I assume that is not enough?
> > > > Ted
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Mon, Dec 30, 2013 at 2:11 PM, Jools <joolski@gmail.com> wrote:
> > > >
> > > > > Hi Ted,
> > > > >
> > > > > > I hit this exact problem a while back, and ended up creating
> > > > > > my own transport using GCDAsyncSocket, as I also needed SSL
> > > > > > support along with Framed Transport.
> > > > > >
> > > > > > See https://github.com/robbiehanson/CocoaAsyncSocket for more
> > > > > > information on this rather nifty library.
> > > > >
> > > > > If you'd like access to the code, let me know and I'd be happy
> > > > > to post it up.
> > > > >
> > > > > Regards,
> > > > >
> > > > > > --Jools
> > > > >
> > > > >
> > > > > > On 30 December 2013 17:07, Ted Rogers <tedrog36@gmail.com> wrote:
> > > > >
> > > > > >
> > > > > > > I'm looking to secure an existing Thrift connection using SSL.
> > > > > > > I see libraries for doing this with Java using
> > > > > > > TSSLTransportFactory but I don't
> > > > > > > see any Cocoa source for this.
> > > > > >
> > > > > > Any suggestions on how I go about doing this?
> > > > > >
> > > > > > Ted
> > > > >
> > > >
> > >
> > >
> >
> >
>
>
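
The settings question in the thread, as an added example that is not part of any message above and is not Thrift's own code: it reports which entries of a kCFStreamPropertySSLSettings dictionary switch off a default check, and opens a stream pair with only the security level set. WeakenedTLSChecks and OpenTLSStreams are hypothetical names, the sample dictionary is constructed from the quoted snippet, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>

// Hypothetical audit helper (not a Thrift or Apple API): names each entry in an
// SSL settings dictionary that switches off a check the defaults perform.
static NSArray *WeakenedTLSChecks(NSDictionary *s) {
    NSMutableArray *found = [NSMutableArray array];
    id expired = s[(__bridge id)kCFStreamSSLAllowsExpiredCertificates];  // deprecated key
    id anyRoot = s[(__bridge id)kCFStreamSSLAllowsAnyRoot];              // deprecated key
    id chain = s[(__bridge id)kCFStreamSSLValidatesCertificateChain];
    id peer = s[(__bridge id)kCFStreamSSLPeerName];
    BOOL (^isNum)(id) = ^BOOL(id v) { return [v isKindOfClass:[NSNumber class]]; };
    if (isNum(expired) && [expired boolValue]) [found addObject:@"expired certificates accepted"];
    if (isNum(anyRoot) && [anyRoot boolValue]) [found addObject:@"any root CA accepted"];
    if (isNum(chain) && ![chain boolValue]) [found addObject:@"certificate chain not validated"];
    if ([peer isEqual:[NSNull null]]) [found addObject:@"peer name not checked"];
    return found;
}

// Opens a TLS stream pair with only the security level set. Because
// kCFStreamPropertySSLSettings is never touched, the default checks stay on:
// the chain is validated and the peer name is matched against `host`.
BOOL OpenTLSStreams(NSString *host, UInt32 port,
                    NSInputStream **inStream, NSOutputStream **outStream) {
    CFReadStreamRef r = NULL; CFWriteStreamRef w = NULL;
    CFStreamCreatePairWithSocketToHost(kCFAllocatorDefault, (__bridge CFStringRef)host, port, &r, &w);
    if (!r || !w) { if (r) CFRelease(r); if (w) CFRelease(w); return NO; }
    *inStream = (__bridge_transfer NSInputStream *)r;
    *outStream = (__bridge_transfer NSOutputStream *)w;
    [*inStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
    [*outStream setProperty:NSStreamSocketSecurityLevelNegotiatedSSL forKey:NSStreamSocketSecurityLevelKey];
    [*inStream open];
    [*outStream open];
    return YES;
}

int main(void) {
    @autoreleasepool {
        // Constructed input: the same four entries as the quoted snippet.
        NSDictionary *quoted = @{
            (__bridge id)kCFStreamSSLAllowsExpiredCertificates : @YES,
            (__bridge id)kCFStreamSSLAllowsAnyRoot : @YES,
            (__bridge id)kCFStreamSSLValidatesCertificateChain : @NO,
            (__bridge id)kCFStreamSSLPeerName : [NSNull null],
        };
        NSLog(@"quoted settings: %@", WeakenedTLSChecks(quoted));
        NSLog(@"empty settings: %@", WeakenedTLSChecks(@{}));
    }
    return 0;
}
```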
