CFNetwork Anonymous Ciphers?

Question

Is there any way with CFNetwork to enable anonymous ciphers -- i.e. so we can use SSL connection code to connect to some (weakly protected) servers?

Answer 1

Is there any way with CFNetwork to enable anonymous ciphers

Yes. Setting the cipher suite is as easy as:

SSLContextRef ctx = NULL;
SSLNewContext(NO /*client*/, &ctx);

SSLCipherSuite cipher = TLS_DH_anon_WITH_AES_256_CBC_SHA;
SSLSetEnabledCiphers(ctx, &cipher, 1);
...

Hooking it up to a higher level object, like NSURLConnection, is hard. See Configure socket used by NSURLConnection? on the Apple Networking mailing list.

Also see Using SSLSetEnabledCiphers with AFNetworking to disable weak ciphers.

---

Here are the RADARs that were filled regarding the problem:

• iOS, Apple RADAR 17904439, "Unable to set SSLContext on NSURLConnection and friends"
• OS X, Apple RADAR 17904536, "Unable to set SSLContext on NSURLConnection and friends"
• iOS, OpenRadar 5843780150231040, "Unable to set SSLContext on NSURLConnection and friends"
• OS X, OpenRadar 5810038887153664, "Unable to set SSLContext on NSURLConnection and friends"