SSL 固定在 android 应用程序中是否会影响使用同一服务器的 iOS 应用程序的工作?
[英]Does SSL pinning in android app affect working of iOS app using same server?
问题描述
I am implementing SSL public key pinning on my android app.
我正在我的 android 应用程序上实现 SSL 公钥固定。 After implementation on the android app and adding Expect-CT header at the server will it affect my iOS app on which SSL pinning is not implemented?在 android 应用程序上实施并在服务器上添加 Expect-CT header 后,它会影响我的 iOS 应用程序,而 ZEA52C24203C31 未实施 B1ACE23?
1 个解决方案
解决方案1
1 2020-08-01 22:30:09
SSL pinning is an implementation detail of the app, so implementing on Android won't impact iOS. SSL pinning 是应用程序的实现细节,因此在 Android 上实现不会影响 iOS。
The Expect-CT header, however, is actually for Certificate Transparency, and so un-related to SSL pinning.然而,Expect-CT header 实际上是用于证书透明度,因此与 SSL 固定无关。 It will have no impact on either Android or iOS apps currently although could potentially in webviews where the browsers are starting to add in support.它目前不会对 Android 或 iOS 应用程序产生影响,尽管可能在浏览器开始添加支持的 web 视图中。
To support CT on Android, look at certificate-transparency-android .要在 Android 上支持 CT,请查看certificate-transparency-android 。 For iOS, AppTransportSecurity has a NSRequiresCertificateTransparency that needs to be set to YES , the default is NO , ie by default CT is not enabled within iOS apps.对于 iOS, AppTransportSecurity有一个NSRequiresCertificateTransparency需要设置为YES ,默认为NO ,即默认情况下在 iOS 应用程序中不启用 CT。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.