Get TLS security level via AppExtension

Improves #97
2019-05-08 16:02:48 +02:00 · 2019-05-08 16:02:48 +02:00 · ff0dfc450c
parent 3a136bdce9
commit ff0dfc450c
1 changed files with 11 additions and 0 deletions
--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
@ -147,6 +147,7 @@ extension TunnelKitProvider {
                    throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.tlsWrap)]")
                }
            }
+            sessionConfigurationBuilder.tlsSecurityLevel = providerConfiguration[S.tlsSecurityLevel] as? Int ?? ConfigurationBuilder.defaults.sessionConfiguration.tlsSecurityLevel
            sessionConfigurationBuilder.keepAliveInterval = providerConfiguration[S.keepAlive] as? TimeInterval ?? ConfigurationBuilder.defaults.sessionConfiguration.keepAliveInterval
            sessionConfigurationBuilder.renegotiatesAfter = providerConfiguration[S.renegotiatesAfter] as? TimeInterval ?? ConfigurationBuilder.defaults.sessionConfiguration.renegotiatesAfter
            guard let endpointProtocolsStrings = providerConfiguration[S.endpointProtocols] as? [String], !endpointProtocolsStrings.isEmpty else {
@ -245,6 +246,8 @@ extension TunnelKitProvider {
            
            static let tlsWrap = "TLSWrap"

+            static let tlsSecurityLevel = "TLSSecurityLevel"
+
            static let keepAlive = "KeepAlive"
            
            static let endpointProtocols = "EndpointProtocols"
@ -451,6 +454,9 @@ extension TunnelKitProvider {
            if let tlsWrapData = sessionConfiguration.tlsWrap?.serialized() {
                dict[S.tlsWrap] = tlsWrapData
            }
+            if let tlsSecurityLevel = sessionConfiguration.tlsSecurityLevel {
+                dict[S.tlsSecurityLevel] = tlsSecurityLevel
+            }
            if let keepAliveSeconds = sessionConfiguration.keepAliveInterval {
                dict[S.keepAlive] = keepAliveSeconds
            }
@ -554,6 +560,11 @@ extension TunnelKitProvider {
            } else {
                log.info("\tTLS wrapping: disabled")
            }
+            if let tlsSecurityLevel = sessionConfiguration.tlsSecurityLevel {
+                log.info("\tTLS security level: \(tlsSecurityLevel)")
+            } else {
+                log.info("\tTLS security level: default")
+            }
            if let keepAliveSeconds = sessionConfiguration.keepAliveInterval, keepAliveSeconds > 0 {
                log.info("\tKeep-alive: \(keepAliveSeconds) seconds")
            } else {