Hello, I ran into at least a couple of posts (here - https://developer.apple.com/forums/thread/122354/ and here - https://developer.apple.com/forums/thread/100539/) that appear to have a very similar, if not the same, question, both answered by Eskimo. I saw his observations about why it makes sense to configure the specific set of ciphers in the server, and I agree with the observation when the server is totally in your control.

We have a business/security requirement to, in addition to the server, also limit the TLS session to only support a specific subset of cipher suites. I think the case in mind is that our app may be configured to connect to server endpoints that we are not necessarily in control of, and to minimize security gaps, we would like to also support only a specific subset of suites from the client side.

Our networking layer uses NSURLSession, as we know that's the general recommendation. If this API does not support it, what are our options to be able to comply with our requirement? I found a lower-level API, the Secure Transport framework - https://developer.apple.com/documentation/security/secure_transport, that has some functions to retrieve/set cipher suites, but it seems these APIs are mostly deprecated now. This documentation refers us to use the newer Network framework - https://developer.apple.com/documentation/network?language=objc instead. I noticed some TLS-related APIs, such as TLS Options - https://developer.apple.com/documentation/network/tls_options?language=objc, but nothing specific for ciphers. Any advice?
Posted by jsant.