How can I prevent my app from downgrading from TLSv1.2 on iOS 8?

I am trying to restrict my app from communicating with a server that is running any version of TLS prior to 1.2. From the docs, it appears that I should be able to do this by calling SSLSetProtocolVersionMin, so I have done that:

SSLContextRef context = SSLCreateContext(NULL, kSSLClientSide, kSSLStreamType);
SSLSetProtocolVersionMax(context, kTLSProtocol12);
SSLSetProtocolVersionMin(context, kTLSProtocol12);

I have verified that the call to SSLSetProtocolVersionMin does not return an error, but I am still able to connect to servers that negotiate down to SSLv3.

SSLSetProtocolVersionMax appears to work correctly, as when I set it to TLSv1.1 and the server to TLSv1.2 only, I cannot connect to the server.

It appears that this works as expected on iOS 9. Does anybody know if this is not supported in iOS 8, or if there are other steps I need to take?

You can configure iOS to only connect to servers meeting a minimum TLS version using Apple's new Application Transport Security in iOS 9.

You can add code like the following to your Info.plist file:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>mydomain.com</key>
        <dict>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <!-- ATS takes the version as a TLSv1.x string -->
            <string>TLSv1.2</string>
        </dict>
    </dict>
</dict>

You can take a look at the WWDC video.

EDIT:

I see you added to your question to state that you need to accomplish this on iOS 8, which does not have ATS. But hopefully this answer will help those using iOS 9 who need to do this, since the original question did not include this limitation.
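
As an added example (not part of the original answer), the following Python check audits the ATS section of an Info.plist and reports exception domains whose minimum TLS version is below TLSv1.2 or is not written as a `TLSv1.x` string. The function name `audit_ats`, the sample plist and its `*.example` domains are constructed for illustration.

```python
import plistlib

# Version strings ATS documents for the minimum-TLS keys, mapped to a sortable rank.
VALID = {"TLSv1.0": 10, "TLSv1.1": 11, "TLSv1.2": 12, "TLSv1.3": 13}
MIN_KEYS = ("NSExceptionMinimumTLSVersion",
            "NSThirdPartyExceptionMinimumTLSVersion")

def audit_ats(plist_bytes, required="TLSv1.2"):
    """Return findings for the NSAppTransportSecurity section of an Info.plist."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})  # absent means ATS defaults apply
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("NSAllowsArbitraryLoads is true: ATS is disabled globally")
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if not isinstance(cfg, dict):
            continue
        for key in MIN_KEYS:
            if key not in cfg:
                continue
            value = cfg[key]
            if not isinstance(value, str) or value not in VALID:
                findings.append(f"{domain}: {key}={value!r} is not a TLSv1.x string")
            elif VALID[value] < VALID[required]:
                findings.append(f"{domain}: {key}={value} is below {required}")
    return findings

# Constructed sample: one correct entry, one weakened entry, one malformed value.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key><dict>
  <key>NSExceptionDomains</key><dict>
    <key>ok.example</key><dict>
      <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.2</string></dict>
    <key>old.example</key><dict>
      <key>NSThirdPartyExceptionMinimumTLSVersion</key><string>TLSv1.0</string></dict>
    <key>typo.example</key><dict>
      <key>NSThirdPartyExceptionMinimumTLSVersion</key><string>1.2</string></dict>
  </dict>
</dict>
</dict></plist>"""

if __name__ == "__main__":
    for finding in audit_ats(SAMPLE):
        print(finding)
```
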
