Determine if connection is SSL-ed

Our app has "allow arbitrary loads" in the "App Transport Security Settings" and generally allows both "http" and "https" connections. I want to restrict basic authentication usage to secure connections only, what is the best way to do that?

I have URLSessionTaskDelegate's:

     func urlSession(_ session: URLSession, task: URLSessionTask, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

where I can put the relevant logic, but how do I check if the connection attempt in question is happening over TLS or not? I can check task.currentRequest.url scheme being "http" vs "https", and port being nil vs 80 vs 443, but I hope there is a more robust check.

Up vote post of yetanotherme Down vote post of yetanotherme
743 views
Posted by
yetanotherme
Reply
Add a Comment

Accepted Reply

I can check task.currentRequest.url scheme being http vs https

The droid you’re looking for is the receivesCredentialSecurely property on the protection space.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

Replies

I can check task.currentRequest.url scheme being http vs https

The droid you’re looking for is the receivesCredentialSecurely property on the protection space.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Post marked as solved
Add a Comment

The droid you’re looking for is the receivesCredentialSecurely property on the protection space.

Awesome! Will mark the question answered once I test it.

Posted by
yetanotherme
Up vote reply of yetanotherme Down vote reply of yetanotherme
Add a Comment