New TLS Members in URLSessionTaskTransactionMetrics

Clock Submitted by matt_eaton on Sun, 08/11/2019 - 02:01 AM

Tags

If you have ever gathered connection metrics using URLSessionTaskTransactionMetrics then you may have noticed that this year Apple has now exposed a few TLS properties to the public API.  The first is negotiatedTLSCipherSuite and the next negotiatedTLSCipherSuite.  The reason this is interesting is that these values seem to have been around since iOS 7, but now are being released in the Security framework in the new iOS 13 beta.  These properties will be very useful for connection diagnostics once they are completely available for development usage.   Here is a link describing each of these enumerations.  And here is a look at the members exposed in Foundation from the URLSessionTaskTransactionMetrics extension.

 

// (TLS Protocol Version) 0x0303
// (TLS Cipher Suite) 0xC02F
 
@available(OSX 10.15, iOS 13.0, watchOS 6.0, tvOS 13.0, *)
extension URLSessionTaskTransactionMetrics {
 
    public var localPort: Int? { get }
 
    public var remotePort: Int? { get }
 
    public var negotiatedTLSProtocolVersion: tls_protocol_version_t? { get }
 
    public var negotiatedTLSCipherSuite: tls_ciphersuite_t? { get }
}

In the documentation from the Security Framework these TLS types are described as enumerations, so accessing the values could be done with a switch statement like the one below.  However, in this case even accessing the negotiatedTLSProtocolVersion results in a crash.

var tlsVersionStr = ""        
if let tlsVersion = metrics.negotiatedTLSProtocolVersion {
    switch tlsVersion {
    case .TLSv10:
        tlsVersionStr = "TLSv10"
    case .TLSv11:
        tlsVersionStr = "TLSv11"
    case .TLSv12:
        tlsVersionStr = "TLSv12"
    case .TLSv13:
        tlsVersionStr = "TLSv13"
    case .DTLSv10:
        // For Datagrams
        tlsVersionStr = "DTLSv10"
    case .DTLSv12:
        // For Datagrams
        tlsVersionStr = "DTLSv12"
    default:
        tlsVersionStr = "N/A"
    }
}

I am going to open a bug report for this crasher, but will keep this post active for when these TLS members become usable.  Until then, please let me know if you have seen anything different in the public beta you are consuming.  Thank you!

Matt Eaton

Member for

3 years 9 months
Matt Eaton

Long time mobile team lead with a love for network engineering, security, IoT, oss, writing, wireless, and mobile.  Avid runner and determined health nut living in the greater Chicagoland area.

LinkedIn
Twitter
Github
Agnostic Development - Copyright 2018, All Rights Reserved. - Privacy