Not support ECDSA cipher suite for aws-sdk-ios #905
Comments
Thank you @Cyan-pactera for reporting to us. Sorry for the inconvenience caused. As you pointed out, the SDK only supports RSA for key exchange though the IoT service supports ECDSA. We will take it as a feature request to support the different cipher suites that AWS IoT supports in the TLS connection.
Any timeline on this?
I don't have a specific timeline that I can share at this point. This is in our backlog and waiting for prioritization. I will post back on this thread or through a general forum announcement when I have an update.
@cbommas @kvasukib
In principle, the ECDSA cipher suite is supported in AWS IoT
Elliptic Curve Cryptography and Forward Secrecy Support in AWS IoT
Security and Identity for AWS IoT
But in aws-sdk-ios, all certificates are saved as RSA type. It only supports RSA.
[keyPairAttr setObject:(id)kSecAttrKeyTypeRSA forKey:(id)kSecAttrKeyType];
This operation is executed in "AWSIoTKeychain.m".
While importing a p12 that contains an ECDSA key with the importIdentityFromPKCS12Data:passPhrase:certificateId: method, it will return YES,
but validity verification will always fail when we try to connect to the server. By the way, the verification is a private method.
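An added example, not code from aws-sdk-ios or from anyone in this thread: a pre-flight check that reads the private key type out of a PKCS#12 blob with the Security framework, so a caller can tell an ECDSA identity from an RSA one before it is stored with a hard-coded `kSecAttrKeyTypeRSA`. The function names `ExampleKeyTypeForPKCS12` and `ExampleSetKeyType` are hypothetical, and `SecKeyCopyAttributes` requires iOS 10 or later.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not part of aws-sdk-ios): returns the kSecAttrKeyType
// value of the private key inside a PKCS#12 blob, or nil on any failure.
static id ExampleKeyTypeForPKCS12(NSData *p12Data, NSString *passPhrase) {
    NSDictionary *options =
        @{ (__bridge id)kSecImportExportPassphrase : (passPhrase ?: @"") };
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                      (__bridge CFDictionaryRef)options, &items);
    if (status != errSecSuccess || items == NULL || CFArrayGetCount(items) == 0) {
        if (items) CFRelease(items);
        return nil;  // wrong passphrase, malformed blob, or no identity inside
    }
    NSDictionary *first = ((__bridge NSArray *)items)[0];
    SecIdentityRef identity =
        (__bridge SecIdentityRef)first[(__bridge id)kSecImportItemIdentity];
    SecKeyRef privateKey = NULL;
    id keyType = nil;
    if (identity &&
        SecIdentityCopyPrivateKey(identity, &privateKey) == errSecSuccess &&
        privateKey) {
        NSDictionary *attrs = CFBridgingRelease(SecKeyCopyAttributes(privateKey));
        keyType = attrs[(__bridge id)kSecAttrKeyType];
        CFRelease(privateKey);
    }
    CFRelease(items);
    return keyType;
}

// Hypothetical helper: sets kSecAttrKeyType from the detected type instead of
// assuming RSA. Returns NO for an unrecognised type so the caller can fail the
// import up front rather than store a mislabelled key.
static BOOL ExampleSetKeyType(NSMutableDictionary *keyPairAttr, id keyType) {
    // Compare by description so a string or numeric attribute value both match.
    NSString *type = [keyType description];
    if ([type isEqualToString:(__bridge NSString *)kSecAttrKeyTypeRSA]) {
        keyPairAttr[(__bridge id)kSecAttrKeyType] = (__bridge id)kSecAttrKeyTypeRSA;
        return YES;
    }
    if ([type isEqualToString:(__bridge NSString *)kSecAttrKeyTypeECSECPrimeRandom]) {
        keyPairAttr[(__bridge id)kSecAttrKeyType] =
            (__bridge id)kSecAttrKeyTypeECSECPrimeRandom;
        return YES;
    }
    return NO;
}
```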