如何在 iOS 应用程序中启用 TLS 1.2、1.1、1.0 和 SSL?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/37320980/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to Enable TLS 1.2, 1.1,1.0, and SSL in iOS app?
提问by Wajahat Chaudhry
My question is related to Apple Transport Security (ATS) and I am too much confused.
我的问题与 Apple Transport Security (ATS) 有关,我太困惑了。
I want to support all the protocols (all version of TLS and SSL) in my swift app. If I change NSAllowsArbitraryLoads to false, will app work on all protocols by default? Or do I have to specify domain in configuration and add NSExceptionMinimumTLSVersion?
我想在我的 swift 应用程序中支持所有协议(所有版本的 TLS 和 SSL)。如果我将 NSAllowsArbitraryLoads 更改为 false,默认情况下应用程序是否适用于所有协议?或者我是否必须在配置中指定域并添加 NSExceptionMinimumTLSVersion?
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<false/>
<key>NSExceptionDomains</key>
<dict>
<key>your.servers.domain.here</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
</dict>
</dict>
And how can I check my app is communicating with server on what protocol?
以及如何检查我的应用程序是否通过什么协议与服务器通信?
回答by Graham Perks
You'll want to read up https://developer.apple.com/library/mac/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33
In short, you need to specify NSExceptionMinimumTLSVersion to support TLS1.0 and up; 1.2+ is the default.
简而言之,您需要指定 NSExceptionMinimumTLSVersion 以支持 TLS1.0 及更高版本;1.2+ 是默认值。
Why are you trying to support older, less secure protocols anyway?
无论如何,您为什么要尝试支持较旧的、安全性较低的协议?
I don't know how you could check which protocol is being used, but if you can configure a server to only work with, say, TLS 1.0, then your app will only connect with the TLSv1.0 key in place; and that's easy to test.
我不知道您如何检查正在使用的协议,但如果您可以将服务器配置为仅使用 TLS 1.0,那么您的应用程序将仅与 TLSv1.0 密钥连接;这很容易测试。
回答by Nazrul Islam
Connecting Securely to a URL
安全连接到 URL
Connecting to a URL via TLS is trivial. When you create an NSURLRequest object to provide to the initWithRequest:delegate: method, specify https as the scheme of the URL instead of http. The connection uses TLS automatically with no additional configuration.
通过 TLS 连接到 URL 是微不足道的。创建 NSURLRequest 对象以提供给 initWithRequest:delegate: 方法时,指定 https 作为 URL 的方案,而不是 http。连接自动使用 TLS,无需额外配置。
