问题
My question is related to Apple Transport Security (ATS) and I am too much confused.
I want to support all the protocols (all version of TLS and SSL) in my swift app. If I change NSAllowsArbitraryLoads to false, will app work on all protocols by default? Or do I have to specify domain in configuration and add NSExceptionMinimumTLSVersion?
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>your.servers.domain.here</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
</dict>
</dict>
And how can I check my app is communicating with server on what protocol?
回答1:
You'll want to read up https://developer.apple.com/library/mac/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
In short, you need to specify NSExceptionMinimumTLSVersion to support TLS1.0 and up; 1.2+ is the default.
Why are you trying to support older, less secure protocols anyway?
I don't know how you could check which protocol is being used, but if you can configure a server to only work with, say, TLS 1.0, then your app will only connect with the TLSv1.0 key in place; and that's easy to test.
回答2:
Connecting Securely to a URL
Connecting to a URL via TLS is trivial. When you create an NSURLRequest object to provide to the initWithRequest:delegate: method, specify https as the scheme of the URL instead of http. The connection uses TLS automatically with no additional configuration.
https://developer.apple.com/library/content/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/SecureNetworking/SecureNetworking.html
来源:https://stackoverflow.com/questions/37320980/how-to-enable-tls-1-2-1-1-1-0-and-ssl-in-ios-app