How to reestablish TLS from client using swift-nio-ssl

lovetodream · October 17, 2023, 4:01pm

I am using swift-nio-ssl and I need to renegotiate or reestablish TLS from the client side if the server sends a specific flag. Is there any way to do this (ideally from within a ChannelHandler)?

It's possible to achieve this in python using socket.detach() and then wrap the returned socket with a new ssl socket using wrap_socket.

I've found NIORenegotiationSupport in the TLSConfiguration already, but that seems to be triggered only if the server initiates the renegotiation from my understanding. (And I guess what I need is not really renegotiation, but I am not sure about it)
https://swiftpackageindex.com/apple/swift-nio-ssl/2.25.0/documentation/niossl/tlsconfiguration/renegotiationsupport

I hope what I'm trying to achieve is understandable, If not, please ask follow up questions

lukasa · October 17, 2023, 5:07pm

TLS renegotiation is generally disliked, so we haven't added support. The easiest way for you to do this is to use the channel APIs to remove the handler from the pipeline using removeHandler, then insert a new one. This will perform a new handshake. If you need to send closeNotify, then the NIOSSLHandler has a stopTLS function that will do that too.

lovetodream · October 18, 2023, 8:33am

Thank you so much, that did the trick. I was overthinking it a bit to much