-
Re: Which ATS exception keys do I use for encryption mismatch on cipher suite?
eskimo Jan 13, 2017 1:34 AM (in response to ggggg99999)In general
NSExceptionAllowsInsecureHTTPLoads
just enables plain HTTP loads; it does not affect the HTTPS side of things. I’m in two minds as to whether that’s correct behaviour or not, but if you have a strong opinion about this I recommend you put that in a bug report.As to why
NSExceptionRequiresForwardSecrecy
enables 3DES but only whenNSExceptionAllowsInsecureHTTPLoads
is also set, yeah, that’s definitely weird. I’m not sure whether that’s intended behaviour or an artefact of the implementation. If you need a definitive answer about that, you should open a DTS tech support incident and I’ll dig into it. If not, I recommend you file a bug against the ATS documentation to get things clarified there.Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardwarelet myEmail = "eskimo" + "1" + "@apple.com"
-
Re: Which ATS exception keys do I use for encryption mismatch on cipher suite?
ggggg99999 Jan 13, 2017 12:18 PM (in response to eskimo)Ok I think I was making bad assumptions about NSExceptionAllowsInsecureHTTPLoads then because there's at least one special case where you can use it to use HTTPS with things like self-signed certs. So if a cipher suite is not in the main ATS cipher list or the non-PFS cipher list, is it not possible to use some sort of exception to use HTTPS with ATS (besides what I did in my first post)? I only tried that combination because I saw that test pass in nscurl.
-