To configure a per-domain exception so that your app can connect to a non-secure (or non TLSv1.2-enabled secure host), add these keys to your Info.plist (and note that Xcode doesn’t currently auto-complete these keys as of the first Xcode 7 beta seed):
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow HTTP requests-->
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
There are other keys that you can use to configure App Transport Security as well, such as:
NSRequiresCertificateTransparency NSTemporaryExceptionRequiresForwardSecrecy NSTemporaryThirdPartyExceptionAllowsInsecureHTTPLoads NSTemporaryThirdPartyExceptionMinimumTLSVersion NSTemporaryThirdPartyExceptionRequiresForwardSecrecy
No comments:
Post a Comment