TLS 1.2 and Perfect Forward Secrecy

Hi,


The following article states:

The negotiated Transport Layer Security (TLS) version must be TLS 1.2. Attempts to connect without TLS/SSL protection, or with an older version of TLS/SSL, are denied by default.

Is it possible to disable full ATS support in the application?

Is there a way to allow use of TLS 1.0/1.1 without perfect forward secrecy in the application after 1.1.2017?


Regards,

Ilan

Replies

There are two parts to any ATS question:

  • what can be done technically

  • what App Review will accept

The former is covered by the ATS documentation, that is, the NSAppTransportSecurity section of the Information Property List Key Reference. In there you’ll find a discussion of various ATS exception keys, including NSExceptionMinimumTLSVersion.

With regard to the latter, I don’t work for App Review and can’t give definitive answers on their behalf. You should look to official Apple statements about this, which I’ve referenced in my App Transport Security pinned post.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"