4 Replies
      Latest reply on Jun 21, 2016 9:44 PM by Dvyz
      Dvyz Level 1 Level 1 (10 points)

        Hello,

        We have an app which uses STUN, TURN and ICE for nat traversal and my question is do I need to make those network connections to be encrypted? Or does the App Transport Security requirements applies to them?

        Also does ATS applies to a direct IP communication or is it mandatory when using domains?

        Thanks,

        • Re: App Transport Security for NAT Traversal Apps
          eskimo Apple Staff Apple Staff (13,925 points)

          ATS applies to HTTP and HTTPS requests made by NSURLSession (and the new-deprecated NSURLConnection).  Are you using those APIs?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: App Transport Security for NAT Traversal Apps
              Dvyz Level 1 Level 1 (10 points)

              I should have been more clear. In the case of in-home networking, we do use NSURLSession but in the case of out -of-home we use socket apis. (I guess out-of-home is kind of covered) but in-home http calls are not.

                • Re: App Transport Security for NAT Traversal Apps
                  eskimo Apple Staff Apple Staff (13,925 points)

                  In the case of in-home networking, we do use NSURLSession but in the case of out-of-home we use socket apis.

                  Well, that’s weird; normally folks have this the other way around.

                  Regardless, the rules here are clear: if you use NSURLSession, you have to deal with ATS.  Be aware that ATS’s support for local networking is rather limited; for details, see the App Transport Security and local networking thread.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: App Transport Security for NAT Traversal Apps
                      Dvyz Level 1 Level 1 (10 points)

                      Yes, it is weired in a way. The reason is we have a specific device we are looking for in home and which supports only http requests.

                      Btw. great to hear this

                      "It’s possible that the situation with ATS and local networking might change prior to the new ATS requirement being enforced but, if it does not, you will have to ship with NSAllowsArbitraryLoads."