Swift開發記錄 - 升級Xcode7&iOS9帶來的問題

iOS9官方說明

###多任務模式 默認狀況下iPadAir2開始支持了多任務模式，雖然看起來不錯。可是這個功能給一些舊項目帶來了一個問題，All interface orientations must be supported unless the app requires full screen. 也就是在默認狀況下，你的應用須要支持全部設備方向（上下左右），或者是在項目以下圖，在項目設置中勾上Requires full screen可去掉這個編譯警告。

###App Transport Security 從iOS9開始，默認關於網絡通訊請求都須要是加密的，且加密方式還要是TLS 1.2 withforward secrecy。這一個蛋疼的更新就基本上消滅了99%以上的服務器了，直接形成App沒法訪問，會提示網站不可信任的異常。 固然Apple默認也提供了一個避免使用默認設置的配置方法。（修改Info.Plist文件）

####取消ATS設定方法（基本就是回到iOS8時代）

<key>NSAppTransportSecurity</key>
<dict>
	<key>NSAllowsArbitraryLoads</key>
	<true/>
</dict>

####忽視指定域名 設定的時候要注意的是，若是將NSIncludesSubdomains設爲true的時候，那麼會默認也忽視其下的子域名。

<key>NSAppTransportSecurity</key>
<dict>
	<key>NSExceptionDomains</key>
	<dict>
		<key>domain1.jp</key>
		<dict>
			<key>NSExceptionRequiresForwardSecrecy</key>
			<false/>
		</dict>
		<key>domain2.jp</key>
		<dict>
			<key>NSExceptionRequiresForwardSecrecy</key>
			<false/>
			<key>NSIncludesSubdomains</key>
			<true/>
		</dict>
	</dict>
</dict>

####官方說明 App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one. If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file. These are the App Transport Security requirements: The server must support at least Transport Layer Security (TLS) protocol version 1.2. Connection ciphers are limited to those that provide forward secrecy (see the list of ciphers below.) Certificates must be signed using a SHA256 or greater signature hash algorithm, with either a 2048-bit or greater RSA key or a 256-bit or greater Elliptic-Curve (ECC) key. Invalid certificates result in a hard failure and no connection.

These are the accepted ciphers:

• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

####Info.plist keys: Structure and types

Key	Type
NSAppTransportSecurity	Dictionary
NSAllowsArbitraryLoads	Boolean
NSExceptionDomains	Dictionary
<domain-name-for-exception-as-string>	Dictionary
NSExceptionMinimumTLSVersion	String
NSExceptionRequiresForwardSecrecy	Boolean
NSExceptionAllowsInsecureHTTPLoads	Boolean
NSIncludesSubdomains	Boolean
NSThirdPartyExceptionMinimumTLSVersion	String
NSThirdPartyExceptionRequiresForwardSecrecy	Boolean
NSThirdPartyExceptionAllowsInsecureHTTPLoads	Boolean

####NSAppTransportSecurity A dictionary containing the settings for overriding default App Transport Security behaviors. The top level key for the app’s Info.plist file.

####NSAllowsArbitraryLoads A Boolean value used to disable App Transport Security for any domains not listed in the NSExceptionDomains dictionary. Listed domains use the settings specified for that domain.

The default value of NOfalse requires the default App Transport Security behavior for all connections.

####NSExceptionDomains A dictionary of App Transport Security exceptions for specific domains. Each key is a string containing the domain name for the exceptions.

####<domain-name-for-exception-as-string> A dictionary of exceptions for the named domain. The name of the key is the name of the domain–for example, www.apple.com.

####NSExceptionMinimumTLSVersion A string that specifies a the minimum TLS version for connections. Valid values are:

• TLSv1.0
• TLSv1.1
• TLSv1.2
• TLSV1.2 is the default value.

####NSExceptionRequiresForwardSecrecy A Boolean value for overriding the requirement that the domain support forward secrecy using ciphers.

YEStrue is the default value and limits the ciphers to those shown in Default Behavior.

Setting the value to NOfalse adds the following the list of accepted ciphers:

• TLSRSA_WITH_AES_256_GCM_SHA384
• TLS_RSA_WITH_AES_128_GCM_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA256
• TLS_RSA_WITH_AES_256_CBC_SHA
• TLS_RSA_WITH_AES_128_CBC_SHA256
• TLS_RSA_WITH_AES_128_CBC_SHA

####NSExceptionAllowsInsecureHTTPLoads A Boolean value for overriding the requirement that all connections use HTTPS. Use this key to access domains with no certificate, or with an error for a self-signed, expired, or hostname-mismatch certificate.

NOfalse is the default value.

####NSIncludesSubdomains A Boolean value for applying the overrides to all subdomains of the top-level domain.

NOfalse is the default value.

####NSThirdPartyExceptionMinimumTLSVersion A version of NSExceptionMinimumTLSVersion used when the domain is an app service that is not controlled by the developer.

####NSThirdPartyExceptionRequiresForwardSecrecy A version of NSExceptionRequiresForwardSecrecy used when the domain is an app service that is not controlled by the developer.

####NSThirdPartyExceptionAllowsInsecureHTTPLoads A version of NSExceptionAllowsInsecureHTTPLoads used when the domain is an app service that is not controlled by the developer.