There’s no way to get the TLS version that was used for a particular HTTP transaction. This would make a fine enhancement request for NSURLSessionTaskTransactionMetrics.
If you want to find out the version of TLS used on a one-off basis, you can look at a packet trace. See QA1176 Getting a Packet Trace for references to various packet trace tools.
If you want to force a particular TLS version to be used, you can do this in two ways:
If you don’t disable App Transport Security (ATS) for your server, it will enforce TLS 1.2 (or later, if and when such a standard is published and Apple’s OSes support it).
You can also pin the minimum and maximum TLS versions by setting the
TLSMaximumSupportedProtocolproperty in the NSURLSessionConfiguration you use to configure your session.
It’s very likely that any server that supports HTTP/2 will also support TLS 1.2, so pinning the minimum TLS version isn’t a bad idea.
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"