Updated GCDAsyncSocket to allow for specification of SSL cipher suites and DiffieHellman parameters (Mac OS X only). Thanks to Aidan Steele for the patch.

robbiehanson · robbiehanson · commit 1f28d9f6b0d7 · 2011-01-27T14:47:45.000Z
diff --git a/GCD/GCDAsyncSocket.h b/GCD/GCDAsyncSocket.h
@@ -18,6 +18,11 @@
 extern NSString *const GCDAsyncSocketException;
 extern NSString *const GCDAsyncSocketErrorDomain;
 
+#if !TARGET_OS_IPHONE
+extern NSString *const GCDAsyncSocketSSLCipherSuites;
+extern NSString *const GCDAsyncSocketSSLDiffieHellmanParameters;
+#endif
+
 enum GCDAsyncSocketError
 {
 	GCDAsyncSocketNoError = 0,           // Never used
diff --git a/GCD/GCDAsyncSocket.m b/GCD/GCDAsyncSocket.m
@@ -81,6 +81,11 @@
 NSString *const GCDAsyncSocketException = @"GCDAsyncSocketException";
 NSString *const GCDAsyncSocketErrorDomain = @"GCDAsyncSocketErrorDomain";
 
+#if !TARGET_OS_IPHONE
+NSString *const GCDAsyncSocketSSLCipherSuites = @"GCDAsyncSocketSSLCipherSuites";
+NSString *const GCDAsyncSocketSSLDiffieHellmanParameters = @"GCDAsyncSocketSSLDiffieHellmanParameters";
+#endif
+
 enum GCDAsyncSocketFlags
 {
 	kDidStartDelegate          = 1 <<  0,  // If set, disconnection results in delegate call
@@ -4818,6 +4823,8 @@ - (void)maybeStartTLS
 		// 5. kCFStreamSSLAllowsExpiredCertificates
 		// 6. kCFStreamSSLCertificates
 		// 7. kCFStreamSSLLevel
+		// 8. GCDAsyncSocketSSLCipherSuites
+		// 9. GCDAsyncSocketSSLDiffieHellmanParameters
 		
 		id value;
 		
@@ -4960,6 +4967,44 @@ - (void)maybeStartTLS
 			}
 		}
 		
+		// 8. GCDAsyncSocketSSLCipherSuites
+		
+		value = [tlsSettings objectForKey:GCDAsyncSocketSSLCipherSuites];
+		if (value)
+		{
+			NSArray *cipherSuites = (NSArray *)value;
+			NSUInteger numberCiphers = [cipherSuites count];
+			SSLCipherSuite ciphers[numberCiphers];
+			
+			for (NSUInteger cipherIndex = 0; cipherIndex < numberCiphers; cipherIndex++)
+			{
+				NSNumber *cipherObject = [cipherSuites objectAtIndex:cipherIndex];
+				ciphers[cipherIndex] = [cipherObject shortValue];
+			}
+			
+			status = SSLSetEnabledCiphers(sslContext, ciphers, numberCiphers);
+			if (status != noErr)
+			{
+				[self closeWithError:[self otherError:@"Error in SSLSetEnabledCiphers"]];
+				return;
+			}
+		}
+		
+		// 9. GCDAsyncSocketSSLDiffieHellmanParameters
+		
+		value = [tlsSettings objectForKey:GCDAsyncSocketSSLDiffieHellmanParameters];
+		if (value)
+		{
+			NSData *diffieHellmanData = (NSData *)value;
+			
+			status = SSLSetDiffieHellmanParams(sslContext, [diffieHellmanData bytes], [diffieHellmanData length]);
+			if (status != noErr)
+			{
+				[self closeWithError:[self otherError:@"Error in SSLSetDiffieHellmanParams"]];
+				return;
+			}
+		}
+		
 		// Setup the sslReadBuffer
 		// 
 		// If there is any data in the partialReadBuffer,
