How to Enable TLS 1.2, 1.1, 1.0, and SSL in an iOS app?

Wajahat Chaudhry · May 19, 2016 · Viewed 26.5k times

My question is related to Apple Transport Security (ATS) and I am very confused.

I want to support all the protocols (all versions of TLS and SSL) in my Swift app. If I change NSAllowsArbitraryLoads to false, will the app work on all protocols by default? Or do I have to specify the domain in the configuration and add NSExceptionMinimumTLSVersion?

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
    <key>NSExceptionDomains</key>
    <dict>
        <key>your.servers.domain.here</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
        </dict>
    </dict>
</dict>

And how can I check which protocol my app is using to communicate with the server?

Answer

Graham Perks · May 19, 2016

You'll want to read up on https://developer.apple.com/library/mac/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33

In short, you need to specify NSExceptionMinimumTLSVersion to support TLS 1.0 and up; 1.2+ is the default.

Why are you trying to support older, less secure protocols anyway?

I don't know how you could check which protocol is being used, but if you can configure a server to only work with, say, TLS 1.0, then your app will only connect with the TLSv1.0 key in place; and that's easy to test.
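
An added example, not part of the question or the answer: a Python check that parses an Info.plist and reports every ATS setting weaker than the defaults the answer describes, which is useful for reviewing which exceptions an app actually ships. The sample plist is constructed from the question's snippet; `audit_ats` is a hypothetical helper name, and `NSExceptionAllowsInsecureHTTPLoads` is a further ATS key that the page does not mention.

```python
import plistlib

# Constructed sample: the ATS dictionary from the question, wrapped in a complete plist.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <false/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>your.servers.domain.here</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.0</string>
            </dict>
        </dict>
    </dict>
</dict>
</plist>
"""

ATS_DEFAULT_MIN_TLS = "TLSv1.2"  # what ATS enforces when no exception lowers it
TLS_RANK = {"TLSv1.0": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}

def audit_ats(plist_bytes):
    """Return (scope, finding) tuples for each ATS setting weaker than the default."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads", False):
        findings.append(("*", "NSAllowsArbitraryLoads=true disables ATS globally"))
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (+subdomains)" if exc.get("NSIncludesSubdomains") else "")
        min_tls = exc.get("NSExceptionMinimumTLSVersion", ATS_DEFAULT_MIN_TLS)
        # Unrecognised version strings rank as -1 and are reported as well.
        if TLS_RANK.get(min_tls, -1) < TLS_RANK[ATS_DEFAULT_MIN_TLS]:
            findings.append((scope, f"minimum TLS {min_tls} is below the ATS default"))
        if exc.get("NSExceptionRequiresForwardSecrecy", True) is False:
            findings.append((scope, "forward secrecy not required"))
        if exc.get("NSExceptionAllowsInsecureHTTPLoads", False):
            findings.append((scope, "plain HTTP loads allowed"))
    return findings
```

Run against the question's configuration, it reports two findings for `your.servers.domain.here`: the lowered minimum TLS version and the disabled forward-secrecy requirement.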