How to TLS- 2 mins
TLS: Transport Layer Security
With increased threats to SSL, TLS has now become an inevitable security layer for most apps. Along with supporting newer and secure algorithms, it does provide better privacy and data integrity between two applications. Before any data exchange, both server and client are authenticated using Handshake protocol by TLS.
Let us see how to do TLS implementation in iOS:
The part where we actually provide this specification is when you initiate your URLSession. TLS is applied for whole session by configuring the same in URLSessionConfiguration.
You can provide minimum and maximum supported version in session configuration. The servers side can give you more details on which version they supports or planning to support in future. iOS provides keywords
tlsMaximumSupportedProtocol for TLS compatibility.
Supported protocols as defined the library as enum is given below: (this is from Xcode 10)
If your server supports the current latest version of TLS 1.2, then the code you need to implement will look like below.
Here code provides max and min versions for TLS as 1.2. In future if the server is planning to support whatever new versions that comes in and you don’t want to release the app every time when that happens, you can provide the max as
The usage of
tlsProtocolMaxSupportedcan be applied from iOS versions more than 11.0. So if your application got compatibility from iOS 9 or so, then you need to do version check and apply like below.
By preventing handshake on data exchange with TLS you are making a little difficult for [that person] to hack your precious app.