为什么iOS 13.x 13.4以下的版本还在使用TLS 1.0/1.1,如何强制使用TLS 1.2及以上?
[英]Why iOS 13.x below the 13.4 version is still using TLS 1.0/1.1 and how to force it to use TLS 1.2 and above?
问题描述
We are doing some research on our inbound TLS traffic and we are currently seeing a small percentage of iOS 13.x below the 13.4 version that are still using TLS 1.0 or TLS 1.1 .
我们正在对入站 TLS 流量进行一些研究,目前我们看到一小部分低于13.4版本的iOS 13.x仍在使用TLS 1.0或TLS 1.1 。
Do you know why this recent OS is still using these deprecated protocols and how to force it to use at least the TLS 1.2 version?您知道为什么这个最近的操作系统仍在使用这些已弃用的协议,以及如何强制它至少使用 TLS 1.2 版本吗?
1 个解决方案
解决方案1
2 2020-05-24 04:01:32
According to Cordova documentation, there is a way to control and force minimum version but it also states the minimum TLS version defaults to 'TLSv1.2'.根据 Cordova 文档,有一种方法可以控制和强制最低版本,但它也指出最低 TLS 版本默认为“TLSv1.2”。 Furthermore, this only applies to the main Cordova webview, and does not apply to an InAppBrowser webview or opening links in the system web browser. Furthermore, this only applies to the main Cordova webview, and does not apply to an InAppBrowser webview or opening links in the system web browser.
From the config.xml file, Cordova automatically converts and tags to the appropriate Application Transport Security (ATS) directives.从 config.xml 文件中,Cordova 自动转换并标记为适当的应用程序传输安全 (ATS) 指令。
The and tags support these three attributes below, which have their equivalents in ATS: and 标签支持以下这三个属性,它们在 ATS 中具有等价物:
- minimum-tls-version (String, defaults to 'TLSv1.2') minimum-tls-version (字符串,默认为 'TLSv1.2')
- requires-forward-secrecy (Boolean, defaults to 'true') requires-forward-secrecy (Boolean, 默认为 'true')
- requires-certificate-transparency (Boolean, defaults to 'false', new in iOS 10) requires-certificate-transparency(布尔值,默认为 'false',iOS 10 中的新增功能)
example :例子:
<access origin='https://cordova.apache.org' minimum-tls-version='TLSv1.1' requires-forward-secrecy='false' requires-certificate-transparency='true' />
In iOS 10 and above, the tag supports these three attributes below, when paired with the origin wildcard *.在 iOS 10 及更高版本中,当与源通配符 * 配对时,标签支持以下这三个属性。 These attributes also have their equivalents in ATS:这些属性在 ATS 中也有它们的等价物:
- allows-arbitrary-loads-for-media (Boolean, defaults to 'false', new in iOS 10. New in cordova-ios@4.5.0, fixed to use the proper attribute name). allow-arbitrary-loads-for-media(布尔值,默认为“false”,iOS 10 中的新功能。cordova-ios@4.5.0 中的新功能,已修复为使用正确的属性名称)。 The old attribute allows-arbitrary-loads-in-media is now deprecated.旧属性 allow-arbitrary-loads-in-media 现在已弃用。
- allows-arbitrary-loads-in-web-content (Boolean, defaults to 'false', new in iOS 10) allow-arbitrary-loads-in-web-content (布尔值,默认为 'false',iOS 10 中的新功能)
- allows-local-networking (Boolean, defaults to 'false', new in iOS 10)允许本地网络(布尔值,默认为“假”,iOS 10 中的新功能)
example :例子:
<access origin='*' allows-arbitrary-loads-for-media='true' allows-arbitrary-loads-in-web-content='true' allows-local-networking='true' />
Source: https://cordova.apache.org/docs/en/9.x/guide/appdev/whitelist/资料来源: https://cordova.apache.org/docs/en/9.x/guide/appdev/whitelist/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.