About ATS SSL in iOS 9 release version
My apps use http, and doesn\'t update for iOS9 yet. Today I upgraded to iOS9 on my iPad, all my apps are still working using http. It seems Apple doesn\'t force https in iOS9 re
-
iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:
<key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict>讨论(0) -
Current apps are fine on iOS 9. The ATS SSL requirement kicks in wot apps build for iOS 9.
From App Transport Security Technote
Default Behavior:
All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X 10.11 or later. Connections that do not follow the requirements will fail.The key portion is: apps built for iOS 9.0 or later.
These are the App Transport Security requirements:
- The server must support at least Transport Layer Security (TLS) protocol version 1.2.
- Connection ciphers are limited to those that provide forward secrecy (see the list of ciphers below.)
- Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048 bit or greater RSA key or a 256 bit or greater Elliptic-Curve (ECC) key.
- Invalid certificates result in a hard failure and no connection.
讨论(0) -
ATS is enabled on apps that are built on Xcode 7 but not on apps that are built with an earlier version of Xcode. This is to prevent hundreds of thousands of apps from 'breaking' on iOS 9.
If you rebuild your app using Xcode 7, ATS will be enabled for your app and you will either need to change your back end to use HTTPS or add exceptions into info.plist.
So essentially, ATS is 'forced' for new/updated apps (or you need to explicitly partially or entirely disable it) but not for old apps.
讨论(0)
加载中...
- 热议问题