App Transport Security and non-HTTP protocols

"App Transport Security" seems to apply only to HTTP connections made through NSURLSession, but it's not entirely clear whether "App Transport Security" requirements also apply for custom protocols when using Secure Transport Reference.


Can I get a definitive answer about that?


Also, what exactly does "higher-level APIs" refer to in this sentence: "In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy." from the App Transport Security section of "What's New in iOS 9.0"?


Thanks.

ATS applies to NSURLSession (and the now-legacy NSURLConnection) only.

Of course, if you're using low-level APIs to implement your own TLS-based protocol, it'd be a good idea to require the same level of security as ATS provides. There is not currently a way to do that—you can reimplement ATS's algorithm, but there's no API that says 'do what ATS would do'—but that'd make a fine enhancement request.

If you do file a bug, please post your bug number, just for the record.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
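An added illustration of the reply above, not code from the thread or from Apple: a Secure Transport client context limited to TLS 1.2 or later and to forward-secrecy (ECDHE) cipher suites, the two properties quoted from "What's New in iOS 9.0". The function name `makeATSLikeContext` and the suite list are assumptions chosen for this example; ATS's certificate checks are not reproduced here.

```swift
import Foundation
import Security

// Assumed policy for this example: ECDHE key exchange with AES-GCM only.
// This is a hand-picked list, not a list exported by any ATS API.
let forwardSecrecySuites: Set<SSLCipherSuite> = [
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
]

/// Hypothetical helper: returns a client-side context that refuses anything
/// below TLS 1.2 and any suite without forward secrecy, or nil on failure.
func makeATSLikeContext() -> SSLContext? {
    guard let ctx = SSLCreateContext(nil, .clientSide, .streamType) else {
        return nil
    }

    // Reject SSLv3, TLS 1.0 and TLS 1.1 during the handshake.
    guard SSLSetProtocolVersionMin(ctx, .tlsProtocol12) == errSecSuccess else {
        return nil
    }

    // Ask the library which suites it supports, then keep only the
    // intersection with the forward-secrecy policy above.
    var count = 0
    guard SSLGetNumberSupportedCiphers(ctx, &count) == errSecSuccess else {
        return nil
    }
    var supported = [SSLCipherSuite](repeating: 0, count: count)
    guard SSLGetSupportedCiphers(ctx, &supported, &count) == errSecSuccess else {
        return nil
    }
    let enabled = supported.filter { forwardSecrecySuites.contains($0) }

    // Fail closed: if nothing in the policy is available, do not fall back
    // to the default suite list.
    guard !enabled.isEmpty,
          SSLSetEnabledCiphers(ctx, enabled, enabled.count) == errSecSuccess else {
        return nil
    }
    return ctx
}
```

The caller still has to attach its I/O callbacks and connection, set the peer domain name for certificate hostname checking, and run the handshake before sending any data.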

eskimo,


I'm sorry for piggybacking on this question, as this is the first time in 3 years that I've used the forum.


I've been working on an app that connects to a secure HTTPS site with a valid SSL certificate to obtain a ticket ID, a short-lived Twofish key and an IP address to one of many other "plain HTTP worker" servers. My app creates an encrypted message after the header which the "worker" sites can process. The data is binary encoded as a part of the message. The keys are very short-lived. The SSL server shares the "plain text" ticket ID and the "Twofish key" with the other server through an SSL tunnel.


Would this qualify as a valid exception?


jscrump59
