This year, Apple officially launched the IOS9 system, with many fruit powders readily installed. This system upgrade, Apple's big move is to require the HTTP protocol to upgrade all to the HTTPS protocol, so that users in the use of various types of apps, personal privacy information to be more advanced protection.
Apple has an extremely large application ecosystem. IOS9 's built-in security feature called App Transport (ATS) requires that all information entering the IOS 9 device must be HTTPS encrypted.
From the perspective of the final data analysis, HTTPS and HTTP are not fundamentally different. For the receiving end, the SSL/TSL will decrypt the received packets and pass the data to the HTTP protocol layer, which forms the HTTP data. HTTPS, on the other hand, encrypts the HTTP packets through the SSL/TSL layer, thus guaranteeing the security of the transmitted data. For example: If the original HTTP is a plastic pipe, easy to be punctured, then the new design of HTTPS today is like in the original plastic pipe, and then a layer of metal pipe. As a result, the original plastic pipe is still running, and secondly, after being reinforced with metal, it is not easy to be punctured.
IOS9 introduced ATS, icing on the cake. At the same time, this means that a large number of mobile internet companies using HTTP need to speed up the pace, in the near future to switch to HTTPS decision. The major mobile Internet enterprises can choose Wosign CA SSL certificate, pay SSL certificate, free SSL certificate on Demand, global trust, support all browsers and mobile terminal. The new mobile Internet dedicated SSL Certificate ECC certificate is more advantageous. Wosign ECC Certificate uses the new international standard encryption algorithm-elliptic curve ECC encryption algorithm, its key length only 256 bits length, only RSA encryption algorithm equivalent encryption strength key length (3,072 bit) one-twelveth. At the same time support the domestic encryption algorithm SM2, the key length is also 256 bits. Click Wosign ECC Certificate for more information.
The application of Apple mobile phone ecosystem is very perfect, in the field of mobile phones, the application of the highest quality, the most complete category. Many people choose Apple, which is completely directed to the powerful application ecology. This IOS9 to the app's horizontal knife immediately, naturally requires these companies to upgrade their security performance.
In theory, TLS is the new nickname for SSL and the HTTPS protocol, which establishes an SSL secure channel between the client browser and the Web server. This security protocol is mainly used to provide authentication to the user and server, encrypt and hide the transmitted data, ensure that the data is not changed in the transmission, that is, the integrity of the data, has become the standard of globalization in this field. Because SSL technology has been established in all major browsers and Web server programs, so only need to install a server certificate can activate the function, that is, through it can activate the SSL protocol, the data information between the client and the server encrypted transmission, can prevent the disclosure of data information. The security of the information is guaranteed, and the user can verify that the website he visits is true and reliable through the server SSL certificate.
In practice, the app HTTP upgrade to HTTPS, the process is not complex, the cost is not high. The company only needs to find a state-licensed digital certificate issuing CA agency to request an SSL certificate for the app to deploy the HTTPS protocol, so that the server upgrade using TLS 1.2. In this way, the transmitted data is encrypted and hidden, ensuring that the data is not changed in the transmission.
Under the trend of mobile Internet, the solution of information security is imminent. It is not difficult for enterprises to add TLS1.2 to the app, the core question is whether the enterprise realizes this. In the pursuit of users and Dau, the enterprise has no security for users to add a strong sense of lock, is the key to health to promote the Internet economy.
In the information age, we have been in the information eavesdropping, tampering, posing the three major risks, and the SSL/TLS protocol is designed to address these three major risks. Apple's increased use of security controls, fully showing Apple's emphasis on information security, and the fact that most applications are transmitting data unencrypted or privately encrypted, so Apple began asking developers to force developers to use the HTPS protocol. This seemingly "overbearing" initiative, is the real responsibility for the interests of users.
This article is from the "Uncle Li" blog, please be sure to keep this source http://lidashu.blog.51cto.com/12659943/1905143
Apple IOS9 system pushes HTTPS to enhance personal privacy information protection