[Transfer]ios9 NEW_001:IOS9 network adaptation (ATS)
Download Xcode7 Open app Everyone found that their app is not connected to the Internet, why?
Apple's official documents are as follows:
APP Transport Security
App Transport Security (ATS) enforces best practices in the secure connections between a app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; It is also on by default in IOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you ' re creating a new app or updating an existing one.
If you ' re developing a new app, you should use HTTPS exclusively. If you had an existing app, you should use HTTPS as much as can right now, and create a plan for migrating the rest O F your app as soon as possible. In addition, your communication through higher-level APIs needs to BES encrypted using TLS version 1.2 with forward secrecy . If you try to make a connection that doesn ' t follow this requirement, an error is thrown. If your app needs to make a request to a insecure domain and you have to specify this domain in your app ' s Info.plist
file
That is, starting with iOS9, all HTTP requests are changed to HTTPS with the TLS 1.2 protocol, which is designed to enhance data security. If it is not updated, it can be declared in Info.plist temporarily, using unsecured network requests.
Let's introduce the Setup method:
The simplest method is to add the following fields in Info.plist (ATL disabled):
< Key > Nsapptransportsecurity</key><dict> <key>nsallowsarbitraryloads</key> <true/></dict>
Also namely:
Below is a detailed discussion of ATS:
What is TLS?
TLS (Transport Layer Security Protocol) is developed on the basis of SSL 3.0, the most widely used is TLS 1.0, followed by SSL 3.0, but the mainstream browser has implemented TLS 1.2 support. TLS 1.0 is typically marked as SSL 3.1,TLS 1.1 for SSL3.2,TLS 1.2 for SSL 3.3.
The function of Tls/ssl is to encrypt and sign the transmitted information, to ensure that the third party cannot obtain the decrypted information and forge one party to send the information to the other.
The basic idea is to use public key cryptography, that is, the client to the server to request the public key, and then use the public key to encrypt information, the server received the ciphertext, with its own private key decryption.
Specific implementation details and the operation of the process is not to repeat.
What is the relationship between TLS and HTTPS?
HTTPS is plainly a combination of the HTTP protocol and the SSL/TLS protocol, which can be broadly understood as "http over SSL" or "http over TLS".
Without SSL/TLS HTTP communication, all information is transmitted in plaintext, resulting in three major risks:
1, eavesdropping risk: Third party can learn the content of the communication;
2, Tamper risk: Third party may modify the communication content;
3. Impersonation risk: Third parties can participate in the communication by impersonating someone else's identity.
The SSL/TLS protocol is designed to address these three risks and is expected to achieve:
1, all information is encrypted transmission, third party can not eavesdrop;
2, with a calibration mechanism, once tampered with, the two sides will immediately find the communication;
3, equipped with identity cards, to prevent identity is impersonating.
As we all know, iOS9 strengthens the protection of user privacy and data security, so it is forced to upgrade to HTTPS, and it is called App Transport Security (ATS). Although capricious, but also in line with the Apple style reasonable decision.
What are we going to do? (Fit Solution)
In simple terms, there are two options:
Select one (also the fundamental choice): The server is upgraded to TLS 1.2, parsing the data.
Select two (to solve the urgent problem): fit in Info.plist.
The following is a detailed description of the configuration of choice two.
The simplest method of adaptation is to change the following XML source in the Info.plist configuration:
<key>NSAppTransportSecurity</key><dict> <key>NSAllowsArbitraryLoads</key> <true/></dict>
Also namely:
In fact, there are many other keys besides Nsallowsarbitraryloads, as follows:
The meanings are:
Nsapptransportsecurity
Top level key for ATS.
Nsallowsarbitraryloads
Sets whether ATS is turned off for any request and defaults to No (on).
Nsexceptiondomains
Place a dictionary of domains that needs to close ATS.
<domain-name-for-exception-as-string>
Set the domains to turn off ATS. Where key is the domain name.
Nsexceptionminimumtlsversion
Sets the minimum supported TLS version, which defaults to TLS 1.2.
Nsexceptionrequiresforwardsecrecy
Sets the password method to use.
Nsexceptionallowsinsecurehttploads
Sets whether to allow HTTP requests, default to No.
Nsrequirescertificatetransparency
Sets whether an SSL certificate is required.
Nsincludessubdomains
Set whether to allow subdomains
Nsthirdpartyexceptionminimumtlsversion
Nsthirdpartyexceptionrequiresforwardsecrecy
Nsthirdpartyexceptionallowsinsecurehttploads
Set up a third-party ATS.
Specific functions of each key can be found in:
Https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html
Other specific configuration methods can be found in:
http://www.neglectedpotential.com/2015/06/working-with-apples-application-transport-security/
The number of users in each iOS system upgrade is large, it is foreseeable that when the iOS9 release, there will be large numbers of users migrated, so HTTPS adaptation for a more user experience and data security is very important.
Reference:
1, https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#// Apple_ref/doc/uid/tp40016198-dontlinkelementid_13
2, https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/index.html
3, http://www.ruanyifeng.com/blog/2014/02/ssl_tls.html
4, http://www.neglectedpotential.com/2015/06/working-with-apples-application-transport-security/
IOS9 Network Adaptation (ATS)