Transport Layer Security (TLS) is the most important security protocol on the Internet today. Most notably, TLS puts the S into HTTPS, adding security to the otherwise insecure HTTP protocol. IMPORTANT TLS is the successor to the Secure Sockets Layer (SSL) protocol. SSL is no longer considered secure and it’s now rarely used in practice, although many folks still say SSL when they mean TLS. TLS is a complex protocol. Much of that complexity is hidden from app developers but there are places where it’s important to understand specific details of the protocol in order to meet your requirements. This post explains the fundamentals of TLS, concentrating on the issues that most often confuse app developers. Note If you’re working on TLS in the local environment, for example, to talk to a Wi-Fi based accessory, see TLS For Accessory Developers. Server Certificates For standard TLS to work the server must have a digital identity, that is, the combination of a certificate and the private key matching the public key embedded in that certificate. TLS Crypto Magic™ ensures that: The client gets a copy of the server’s certificate. The client knows that the server holds the private key matching the public key in that certificate. In a typical TLS handshake the server passes the client a list of certificates, where item 0 is the server’s certificate (the leaf certificate), item N is (optionally) the certificate of the certificate authority that ultimately issued that certificate (the root certificate), and items 1…N-1 are any intermediate certificates required to build a cryptographic chain of trust from 0 to N. Note The cryptographic chain of trust is established by means of digital signatures. Certificate X in the chain is issued by certificate X+1. The owner of certificate X+1 uses their private key to digitally sign certificate X. The client can verify this signature using the public key embedded in certificate X+1. Eventually this chain terminates in a trusted anchor, that is, a certificate that the client trusts by default. Typically this anchor is a self-signed root certificate from a certificate authority. Note Item N is optional for reasons I’ll explain below. Also, the list of intermediate certificates may be empty (in the case where the root certificate directly issued the leaf certificate) but that’s uncommon for servers in the real world. Once the client gets the server’s certificate, it must evaluate trust on that certificate to confirm that it’s talking to the right server. There’s three levels of trust evaluation here: Basic X.509 trust evaluation checks that there’s a cryptographic chain of trust from the leaf through the intermediates to a trusted root certificate. The client has a set of trusted root certificates built in (these are from well-known certificate authorities, or CAs), and a site admin can add more via a configuration profile. This step also checks that none of the certificates have expired, and various other more technical criteria (like the Basic Constraints extension). Note This explains why the server does not have to include the root certificate in the list of certificates it passes to the client; the client has to have the root certificate installed if trust evaluation is to succeed. In addition, TLS trust evaluation (per RFC 2818) checks that the DNS name that you connected to matches the DNS name in the certificate. Specifically, the DNS name must be listed in the Subject Alternative Name extension. Note The Subject Alternative Name extension can also contain IP addresses, although that’s a much less well-trodden path. Also, historically it was common to accept DNS names in the Common Name element of the Subject but that is no longer the case on Apple platforms. App Transport Security (ATS) adds its own security checks. Basic X.509 and TLS trust evaluation are done for all TLS connections. ATS is only done on TLS connections made by URLSession and things layered on top URLSession (like WKWebView). In many situations you can override trust evaluation; for details, see Technote 2232 HTTPS Server Trust Evaluation). Such overrides can either tighten or loosen security. For example: You might tighten security by checking that the server certificate was issued by a specific CA. That way, if someone manages to convince a poorly-managed CA to issue them a certificate for your server, you can detect that and fail. You might loosen security by adding your own CA’s root certificate as a trusted anchor. IMPORTANT If you rely on loosened security you have to disable ATS. If you leave ATS enabled, it will require that default server trust evaluation succeed regardless of any customisations you do. Client Certificates The previous section discusses server trust evaluation, which is required for all standard TLS connections. That process describes how the client decides whether to trust the server. Client certificate authentication, sometimes known as mutual TLS, is the opposite of that, that is, it’s the process by which the server decides whether to trust the client. Client certificate authentication is optional. The server must request a certificate from the client and the client may choose to supply one or not (although if the server requests a certificate and the client does not supply one it’s likely that the server will then fail the connection). At the TLS protocol level this works much like it does with the server certificate. For the client to provide this certificate it must apply a digital identity to the connection, and TLS Crypto Magic™ assures the server that, if it gets a certificate from the client, the client holds the private key associated with that certificate. Where things diverge is in trust evaluation. Trust evaluation of the client certificate is done on the server, and the server uses its own rules to decided whether to trust a specific client certificate. For example: Some servers do basic X.509 trust evaluation and then check that the chain of trust leads to one specific root certificate; that is, a client is trusted if it holds a digital identity whose certificate was issued by a specific CA. Some servers just check the certificate against a list of known trusted client certificates. When the client sends its certificate to the server it actually sends a list of certificates, much as I’ve described above for the server’s certificates. In many cases the client only needs to send item 0, that is, its leaf certificate. That’s because: The server already has the intermediate certificates required to build a chain of trust from that leaf to its root. There’s no point sending the root, as I discussed above in the context of the server trust evaluation. However, there are no hard and fast rules here; the server does its client trust evaluation using its own internal logic, and it’s possible that this logic might require the client to present intermediates, or indeed present the root certificate even though it’s typically redundant. If you have problems with this, you’ll have to ask the folks running the server to explain these requirements. Note If you need to send additional certificates to the server, you can do this by passing them to the certificates parameter of the method you use to create your URLCredential (typically init(identity:certificates:persistence:)). One thing that bears repeating is that trust evaluation of the client certificate is done on the server, not the client. The client does not care whether the client certificate is trusted or not. Rather, it simply passes that certificate the server and it’s up to the server to make that decision. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Updates: 11 Nov 2016 — First posted. 29 Oct 2018 — Minor editorial updates. 17 Apr 2020 — Updated the discussion of Subject Alternative Name to account for changes in the 2019 OS releases. Minor editorial updates. 26 Feb 2021 — Fixed the formatting. Clarified that ATS only applies to URLSession. Minor editorial changes. 3 Jun 2022 — Added a link to TLS For Accessory Developers.

According to Section 2.6.2 of RFC 3927, 169.254.255.255 is the broadcast address for the Link-Local prefix. This does not seem to work in macOS; what I see in WireShark are ARP messages "Who has 169.254.255.255?". Which obviously doesn't work. I'm on macOS 12.4 / Xcode 13.4. Same code works fine in Linux (Ubuntu 20.04). Anybody have any ideas?

I want my app to react when it sees that a certain port is being listened to, and likewise when it stops being listened to. Specifically, another app will start a gdb server (at 127.0.0.1 on 9003) and I want mine to detect that. I don't really even care that it's a gdb server, just when the port is in use or not. I can do it right now using polling using a variation of this but that's not great for CPU wakes. I'm wondering if I can use an NWConnection (with no timeout) to monitor for these events (port in use, port no longer in use). If so, any pointers would be very gratefully received :) Even if just to say I'm barking up the wrong tree!

Hi Quinn, I am developing an app that connects to a local device via Wifi or Ethernet. I am using tcp over Network.framework for the communication. My network connector is configured as such for iOS: let tcp_params = NWParameters.tcp         tcp_params.preferNoProxies = true         tcp_params.acceptLocalOnly = true         tcp_params.prohibitedInterfaceTypes = [.cellular] So what happens is that everything is fine as long as both the iPhone and the device are connected to an AccesPoint. But there is another option where the device acts as AccessPoint and you can join that network straight. The device, since it has no connection to the internet, does not offer a default route - so that any client devices can still use cellular network to access the internet. What happens though is that I cannot get a connection to that device in case cellular data is on. The state handler shows the following error message: lC3 MINI-20001._cap._tcp.local. tcp, no cellular, prefer no proxy, attribution: developer, path unsatisfied (Denied over cellular interface), interface: pdp_ip0[lte], ipv4, ipv6, expensive] As soon as I disable cellular data, everything works fine. Is there any way to get around this? There must be cause Safari can actually connect to the device even with cellular data on. I have played with various ways to configure the NWParameters, but no luck. Maybe you got the magic? Cheers, Michael

I have a wireless stateless-switch within my private network (LAN) which transmits HTTP posts to a configured URL (e.g. an always-on MacMini) about the switch's state. Upon receipt of a post, my MacOS app will then take appropriate action. No response to the sender is required. The frequency of posts will be minimal ( a few per day), but require immediate attention when received. The LAN is protected from external misuse by a secure gateway. I'd appreciate any suggestions for a lightweight solution (i.e. not a full-blown web-server), either as an overview of methods or sample source (e.g. on GitHub). Regards, Michaela

A number of years ago I wrote code that uses dns_open(...) and dns_lookup(...) to call a remote name server for dns resolution. Testing in Monterey, Big Sur and Catalina I get a NULL reply from dns_lookup. The code produces an expected result with Mojave and High Sierra. If I pass NULL as the argument to dns_open() then resolution is successful, but that is not using the desired name server. I have submitted feedback request FB10027085 with a small project that demonstrates the failure.

Hello, I'm working on an Apple Watch/ iPhone/PC/Mac OS sport applications with different types of connectivity and i'm a bit stuck with the bellow issue. I'm trying to Resolve a Bonjour that is using NWBrowser on WatchOS 8.6 on Apple Watch SE with LTE and i encounter strange issues: First i'm setup a NWBrowser : NWBrowser(for: .bonjourWithTXTRecord(type: "_angry._tcp", domain: nil), using: parameters) Then, using : browser?.browseResultsChangedHandler = { [weak self] results, changes in Everything works well until here I'm gathering info form name and txt of the service found and ask the client if i want's a connection to service found . Using NWConnection to connecting to the found enpoint: NWConnection(to: endpoint, using: params) Here starts the issue In the stateUpdateHandler : connection?.stateUpdateHandler = { state in     switch state {     case .ready:      if let innerEndpoint = connection?.currentPath?.remoteEndpoint,        case .hostPort(let host, let port) = innerEndpoint { i'm checking the port and host where i'm getting the wrong informations, an IPV6 and a port that don't exists on the target server and a log in the console : 2022-05-22 15:54:33.146148+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_copy_synthesized_url Endpoint type is not an address or host, cannot synthesize URL 2022-05-22 15:54:33.319537+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.319604+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.319621+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.319636+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.319651+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.501821+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.501875+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.501892+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.501908+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching 2022-05-22 15:54:33.501923+0300 WatchKit Extension[956:609596] [] nw_endpoint_proxy_match_exception_to_endpoint Invalid proxy endpoint type 3 for matching I tried this on an apple watch simulator and a couple of real iPhone devices and everything works well, i'm getting the good port and host and no console errors/warnings. PS: All this are done during a running HKWorkoutSession to ensure that the app is kept active during different networking operations. What i'm doing wrong since is working fine on iPhone and WatchOS Simulator? Thanks , Angry Software

Hi, I'm trying to send audio data via UDP. I am using Network.framework with networking, so to use send method in NWConnection sending data must be Data type or confirm to DataProtocol. To satisfy those conditions, I have implemented a method to convert from AVAudioPCMBuffer type to Data type. func makeDataFromPCMBuffer(buffer: AVAudioPCMBuffer, time: AVAudioTime) -> Data {         let audioBuffer = buffer.audioBufferList.pointee.mBuffers         let data: Data!         data = .init(bytes: audioBuffer.mData!, count: Int(audioBuffer.mDataByteSize))         return data     } Implementation above is referenced from this post The problem is that the size of converted data is too big to fit in UDP datagram and error below occurs when I try to send data. I have found out that initial size of buffer is too big to fit in maximumDatagramSize. Below is code regarding to buffer.         let tapNode: AVAudioNode = mixerNode         let format = tapNode.outputFormat(forBus: 0)         tapNode.installTap(onBus: 0, bufferSize: 4096, format: format, block: { (buffer, time) in          // size of buffer: AVAudioPCMBuffer is 19200 already.             let bufferData = self.makeDataFromPCMBuffer(buffer: buffer, time: time)             sharedConnection?.sendRecordedBuffer(buffer: bufferData)         }) I need to reduce size of AVAudioPCMBuffer to fit in UDP datagram, But I can't find right way to do it. What would be best way to make data fit in datagram? I thought of dividing data in half, but this is UDP so I'm not sure how to handle those datas when one data has lost. So I'm trying to make AVAudioPCMBuffer fit in datagram. Any help would be very appreciated!

I am trying to connect wpa2 enterprise wifi using iPhone app programmatically.before that I tried connecting to that wifi manually:From Settings in iPhone deviceUsed these three parameters SSID, Username, passwordAfter that it ask to trust the certificate and trusting the certificate, the wifi get connect, Done!Now I am trying to connect wifi programmatically using following code:NEHotspotEAPSettings *settings = [[NEHotspotEAPSettings alloc]init]; settings.password = self.password.text; settings.username = self.username.text; settings.supportedEAPTypes = [NSArray arrayWithObjects:[NSNumber numberWithInteger:NEHotspotConfigurationEAPTypeEAPPEAP], nil]; NEHotspotConfiguration *configuration = [[NEHotspotConfiguration alloc]initWithSSID:self.ssid.text eapSettings:settings]; [[NEHotspotConfigurationManager sharedManager]applyConfiguration:configuration completionHandler:^(NSError * _Nullable error) { if (error) { NSLog(@"Error: %@",error.localizedDescription); } else { NSLog(@“Connected”); } }];but this code gives an errorInvalid EAP settings : NEHotspotConfiguration EAP settings must have either trusted server certificates or trusted server names configuredSince I don’t have any trusted server certificate or trusted server name. What should I set in the **** property of NEHotspotEAPSettings (passing nil also gives me same error)settings.trustedServerNamesPlease help to solve this. Thanks!

I want to get a list of available Wi-Fi networks in my IOS app and establish a connection with the user selected network without having to leave the app. How can i do this?

Consider the following situation: user uploads a large file via a share extension (extension writes upload details into shared DB and initiates background transfer), then quickly realizes that's a wrong file, so he switches to containing app, opens up a list of uploads and hits "Cancel". Question is, how containing app is supposed to reliably cancel such transfer, given that only one process can access same NSURLSession at the time, a session is not disconnected until all tasks are complete (or connected process is terminated) and extension may not be terminated yet?