
iOS, iPadOS, and macOS support Transport Layer Security (TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3) and Datagram Transport Layer Security (DTLS). The TLS protocol supports both AES128 and AES256, and prefers cipher suites with forward secrecy. Internet apps such as Safari, Calendar, and Mail automatically use this protocol to enable an encrypted communication channel between the device and network services. High-level APIs (such as CFNetwork) make it easy for developers to adopt TLS in their apps, while low-level APIs (such as Network.framework) provide fine-grained control. CFNetwork disallows SSL 3, and apps that use WebKit (such as Safari) are prohibited from making an SSL 3 connection.

In iOS 11 or later and macOS 10.13 or later, SHA-1 certificates are no longer allowed for TLS connections unless trusted by the user. Certificates with RSA keys shorter than 2048 bits are also disallowed. The RC4 symmetric cipher suite is deprecated in iOS 10 and macOS 10.12. By default, TLS clients or servers implemented with SecureTransport APIs don't have RC4 cipher suites enabled and are unable to connect when RC4 is the only cipher suite available. To be more secure, services or apps that require RC4 should be upgraded to use secure cipher suites. In iOS 12.1, certificates issued after October 15, 2018, from a system-trusted root certificate must be logged in a trusted Certificate Transparency log to be allowed for TLS connections. In iOS 12.2, TLS 1.3 is enabled by default for Network.framework and NSURLSession APIs. TLS clients using the SecureTransport APIs can't use TLS 1.3.

App Transport Security provides default connection requirements so that apps adhere to best practices for secure connections when using NSURLConnection, CFURL, or NSURLSession APIs.
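As an added illustration, not taken from Apple's guide, here are two Info.plist fragments for the App Transport Security dictionary described above: the blanket opt-out that switches ATS off for every host, beside a scoped configuration that keeps the defaults and only adjusts per host (raising the floor to TLS 1.3 for the app's own API, and narrowly relaxing forward secrecy for one legacy host). The domain names are placeholders; the keys are the documented ATS keys.

```xml
<!-- Fragment 1 (weak): disables ATS for all hosts, so plain HTTP, old TLS
     versions and non-forward-secret cipher suites are all accepted. -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

<!-- Fragment 2 (corrected): ATS stays on (TLS 1.2+, forward secrecy,
     strong certificates by default). Per-host entries adjust only
     what that host needs. Domains below are placeholders. -->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <!-- The app's own API: require TLS 1.3 and keep forward secrecy,
             for this host and all of its subdomains. -->
        <key>api.example.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.3</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
        <!-- One legacy host whose server lacks ECDHE suites: relax only
             forward secrecy, keep TLS 1.2 as the minimum, and never
             allow cleartext HTTP. Remove once the server is upgraded. -->
        <key>legacy.example.com</key>
        <dict>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <false/>
        </dict>
    </dict>
</dict>
```

Each fragment is a complete value for the single NSAppTransportSecurity key; an Info.plist contains only one of them.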

