Using statically-linked openssl to enable NPN support

Question

Using statically-linked openssl to enable NPN support

coolstar opened this issue 10 years ago · 3 comments

Would it be possible to have an option for CocoaSPDY to use a statically linked OpenSSL (maybe by a compiler flag) so that those who need to connect to servers that only accept SPDY with NPN will be able to?

Answer 1 · 2014-05-26T17:39:37.000Z

CocoaSPDY could use this project: https://github.com/x2on/OpenSSL-for-iPhone to gain NPN support.

Answer 2 · 2014-07-28T19:56:11.000Z

Is there some visibility on when NPN will be supported by Secure Transport?

Answer 3 · 2014-09-19T03:50:54.000Z

I haven't dived into Secure Transport, but iOS 8's NSURLSession supports all the recent versions of SPDY - http://devstreaming.apple.com/videos/wwdc/2014/707xx1o5tdjnvg9/707/707_whats_new_in_foundation_networking.pdf

including NPN. However this carries with it a requirement of minimum iOS 8 support which, given iOS 8's adoption rate being lower than iOS 7 it will be a while before that's an option.

FWIW, shipping a statically linked version of openssl has potentially huge ramifications, as all developers implementing it would then have to go through a lengthy process with the US BIS and explain why you need to export high-strength security libraries not included with the OS already. That goes for all developers, including ones outside the US, because Apple's App Store servers are all hosted in the US (as of this writing) and thus have to comply with US export laws.

In other words, it's not worth it :)