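App Transport Security in iOS 9: Explanation and Adaptation (updated 2016.7.1)

2016.7.1: Revised this document to follow the changes in Apple's official documentation, and added a description of nscurl, the command-line tool for diagnosing ATS.
2015.8.19: Explained how ATS affects HTTP requests under iOS 9 and how to adapt to it.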

 

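iOS 9 adds the App Transport Security (ATS) feature. Its main effect is that requests which used to go over HTTP are now carried over TLS 1.2, which also means that all HTTP traffic is forced onto HTTPS. The original text is as follows: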

App Transport Security

 

App Transport Security (ATS) enforces best practices in the secure connections between an app and its back end. ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt; it is also on by default in iOS 9 and OS X v10.11. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible. In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn't follow this requirement, an error is thrown. If your app needs to make a request to an insecure domain, you have to specify this domain in your app's Info.plist file.

If we make a plain HTTP request on iOS 9, we receive the following error:

App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.

The system is telling us that HTTP cannot be used directly; a block of configuration that controls ATS has to be added to Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

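That is: in this configuration, NSAppTransportSecurity is the root node of the ATS configuration, and its presence tells the system to use custom ATS settings. The NSAllowsArbitraryLoads node controls whether the ATS feature is disabled; setting it to YES disables ATS.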

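ATS was added in iOS 9.0 and OS X v10.11. An app built with the iOS 9.0 or OS X v10.11 SDK (or a newer SDK) has ATS enabled by default, so ATS then needs to be configured. An app built with an SDK older than iOS 9.0 or OS X v10.11 has ATS disabled by default, so its network connections are not affected (even when it runs on an iOS 9.0 device).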

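The configuration so far is enough to make an app work on iOS 9. But if you want to follow the standard Apple sets out and make your data more secure, read on.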

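In fact, ATS does not only restrict HTTP; it also places requirements on HTTPS. Take Baidu's address as an example (note: when this example was written Baidu did not yet meet the ATS requirements; Baidu now supports ATS). Requesting https://www.baidu.com from an app produced the following error: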

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Checking the official documentation (https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW33), I found that HTTPS requests must satisfy the following requirements:

Requirements for Connecting Using ATS

With ATS fully enabled, your app’s HTTP connections must use HTTPS and must satisfy the following security requirements:

 

  • The server certificate must meet at least one of the following trust requirements:

    • Issued by a certificate authority (CA) whose root certificate is incorporated into the operating system

    • Issued by a trusted root CA and installed by the user or a system administrator

  • The negotiated Transport Layer Security version must be TLS 1.2

  • The negotiated TLS connection cipher suite must support forward secrecy (FS) and be one of the following:

    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

  • The leaf server certificate must be signed with one of the following types of keys:

    • Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits

    • Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits

    In addition, the leaf server certificate hashing algorithm must be Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 (that is, SHA-256 or greater).

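According to the text above, first, the root certificate of the certificate authority (CA) that issued the server certificate must either be built into the operating system (the trusted root certificates are listed at https://support.apple.com/zh-cn/HT205205, or on your device under Settings > General > About, behind the "Learn more about trusted certificates" link at the very bottom), or be trusted and installed on the operating system by the user or a system administrator. The connection must also use TLS 1.2. Next, the connection's cipher suite must provide Forward Secrecy (FS; for background, see https://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html). The documentation lists the supported cipher suites (they appear in the quoted text above; I have pulled them out into the separate list below). Finally, the certificate must use at least a SHA-256 fingerprint together with either an RSA key of 2048 bits or more, or an ECC key of 256 bits or more. If any one of these is not met, the request is aborted and returns nil.

Cipher suites that support Forward Secrecy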

  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

Now back to the Baidu address. Open it in a browser and click the lock icon in front of the URL, as shown:

It uses TLS 1.2, which satisfies the TLS version requirement described above.

Then click the certificate information to view the root certificate of the CA that issued its certificate, as shown:

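Its root certificate is named VeriSign Class 3 Public Primary Certification Authority - G5. Looking that name up in the list of root certificates trusted by iOS 9, at the URL given earlier, the matching certificate entry is found, as shown below: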

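Finally, back in the connection information panel, the connection uses AES_128_GCM for encryption and ECDHE_RSA as the key exchange mechanism. Two matching entries can be found in the Forward Secrecy list: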

 

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

 

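But this is not yet enough to tell whether Baidu provides Forward Secrecy. Open the certificate information again and look at the "Issuer Name" and "Public Key Info" sections, as shown: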

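The signature algorithm reads "SHA-1 with RSA Encryption", which is not covered by either of the two entries above. Baidu therefore does not meet the ATS requirements, and so the error is returned. To get past a problem like this, ATS again has to be configured, as follows: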

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>baidu.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>

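Here, NSIncludesSubdomains set to YES means that Baidu's subdomains all use the same settings. NSExceptionRequiresForwardSecrecy is NO because Baidu does not support Forward Secrecy, so that feature is turned off. Finally, NSExceptionAllowsInsecureHTTPLoads set to YES allows access to domains that would otherwise raise errors because they have no certificate, or a self-signed, expired, or hostname-mismatched certificate (I checked Baidu's certificate and it seemed fine, but this key still had to be set before access was allowed).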
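The two ATS dictionaries shown so far remove very different amounts of protection, which is worth checking before an app ships. The following Python audit is an added example, not code from the original post; the function name `audit_ats`, the severity labels and the minimal wrapper plists are assumptions made for illustration.

```python
import plistlib

# Constructed Info.plist files wrapping the two ATS dictionaries shown on this page.
ARBITRARY_LOADS = b"""<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key><true/>
</dict>
</dict></plist>"""

BAIDU_EXCEPTION = b"""<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>baidu.com</key>
        <dict>
            <key>NSIncludesSubdomains</key><true/>
            <key>NSExceptionRequiresForwardSecrecy</key><false/>
            <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        </dict>
    </dict>
</dict>
</dict></plist>"""


def audit_ats(info_plist_bytes):
    """Return (severity, scope, message) findings for an Info.plist.

    Severity is this example's own labelling: "high" when cleartext HTTP
    becomes possible, "medium" when a TLS requirement is relaxed.
    """
    info = plistlib.loads(info_plist_bytes)
    ats = info.get("NSAppTransportSecurity")
    findings = []
    if ats is None:
        return findings  # no custom settings: ATS defaults apply
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("high", "*",
                         "NSAllowsArbitraryLoads turns ATS off for every domain"))
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        scope = domain
        if exc.get("NSIncludesSubdomains") is True:
            scope += " (+subdomains)"
        if exc.get("NSExceptionAllowsInsecureHTTPLoads") is True:
            findings.append(("high", scope, "cleartext HTTP loads allowed"))
        min_tls = exc.get("NSExceptionMinimumTLSVersion", "TLSv1.2")
        if min_tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(("medium", scope,
                             "minimum TLS version lowered to " + min_tls))
        if exc.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(("medium", scope, "forward secrecy not required"))
    return findings


if __name__ == "__main__":
    for label, data in (("global opt-out", ARBITRARY_LOADS),
                        ("baidu.com exception", BAIDU_EXCEPTION)):
        for severity, scope, message in audit_ats(data):
            print(f"{label}: [{severity}] {scope}: {message}")
```

The per-domain form still yields a high finding here because NSExceptionAllowsInsecureHTTPLoads is set, but the finding is confined to baidu.com and its subdomains instead of every host the app contacts.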

----------------------------

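In recent testing, Baidu already supports ATS (I only learned this when @Jolie_Yang left me a comment yesterday ^_^), yet when I tested https://www.baidu.com with NSURLConnection and no ATS settings at all, the result was still an error. Later I tested the same URL with NSURLSession and found that it loads normally.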

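Apple officially recommends NSURLSession for HTTP requests. NSURLConnection also supports the ATS features, but judging from my test above, I suspect the two differ somewhat in their default behavior. Anyone still using NSURLConnection should switch to NSURLSession as soon as possible to avoid unnecessary errors.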

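Finally, on how to diagnose whether a URL supports ATS: here I introduce the nscurl command-line tool. It is new in OS X v10.11 and is mainly used to diagnose connection problems caused by ATS; with it you can check directly from the command line whether a URL supports ATS. Its usage is: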

/usr/bin/nscurl --ats-diagnostics [--verbose] URL

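URL - the address to diagnose

verbose - includes more information for each connection, including which Info.plist keys and values were used.

Again taking Baidu as the example, to diagnose https://baidu.com the command is: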

nscurl --ats-diagnostics https://baidu.com

The output is as follows:

Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://baidu.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
Use '--verbose' to view the ATS dictionaries used and to display the error received in URLSession:task:didCompleteWithError:.
================================================================================

Default ATS Secure Connection
---
ATS Default Connection
2016-07-19 17:51:43.156 nscurl[7936:828662] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
Result : FAIL
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
Result : PASS
---

================================================================================

Configuring TLS exceptions for baidu.com

---
TLSv1.2
Result : FAIL
---

---
TLSv1.1
Result : FAIL
---

---
TLSv1.0
Result : FAIL
---

================================================================================

Configuring PFS exceptions for baidu.com

---
Disabling Perfect Forward Secrecy
Result : FAIL
---

================================================================================

Configuring PFS exceptions and allowing insecure HTTP for baidu.com

---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
Result : FAIL
---

================================================================================

Configuring TLS exceptions with PFS disabled for baidu.com

---
TLSv1.2 with PFS disabled
Result : FAIL
---

---
TLSv1.1 with PFS disabled
Result : FAIL
---

---
TLSv1.0 with PFS disabled
Result : FAIL
---

================================================================================

Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for baidu.com

---
TLSv1.2 with PFS disabled and insecure HTTP allowed
Result : FAIL
---

---
TLSv1.1 with PFS disabled and insecure HTTP allowed
Result : FAIL
---

---
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : FAIL
---

================================================================================

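Apart from Allowing Arbitrary Loads, whose Result is PASS, every Result is FAIL, which would indicate that baidu.com does not yet support ATS; yet judging by its certificate it already does. To get more detail, we add the verbose option and run the diagnosis again. The command is: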

nscurl --ats-diagnostics --verbose https://baidu.com

The output is as follows:

vimfungdeMac-mini:~ vimfung$ nscurl --ats-diagnostics --verbose https://baidu.com
Starting ATS Diagnostics

Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://baidu.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================

Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
2016-07-19 17:57:24.887 nscurl[7971:833843] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac41703970 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
ATS Dictionary:
{
    NSAllowsArbitraryLoads = true;
}
Result : PASS
---

================================================================================

Configuring TLS exceptions for baidu.com

---
TLSv1.2
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.2";
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac4164cc20 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

---
TLSv1.1
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac4143dfc0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

---
TLSv1.0
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.0";
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac4143e480 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

================================================================================

Configuring PFS exceptions for baidu.com

---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac414358c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

================================================================================

Configuring PFS exceptions and allowing insecure HTTP for baidu.com

---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac416589a0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

================================================================================

Configuring TLS exceptions with PFS disabled for baidu.com

---
TLSv1.2 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.2";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac41633bf0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

---
TLSv1.1 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac414625e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

---
TLSv1.0 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac41464e40 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

================================================================================

Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for baidu.com

---
TLSv1.2 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.2";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac41468d40 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

---
TLSv1.1 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac4146a6e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

---
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSUnderlyingError=0x7fac416932b0 {Error Domain=kCFErrorDomainCFNetwork Code=-1022 "(null)"}, NSErrorFailingURLStringKey=http://www.baidu.com/, NSErrorFailingURLKey=http://www.baidu.com/, NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection.}
---

================================================================================

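Now there is more information, including the Info.plist settings used and the error description for each request. Notice that when requesting https://baidu.com, it reports NSErrorFailingURLKey=http://www.baidu.com. So my guess is that Baidu redirects this address, and the redirect target is http://www.baidu.com; the insecure HTTP connection was then blocked by ATS, which is what produced the FAIL results.

So I switched to https://www.baidu.com and tested again. The output is as follows: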

vimfungdeMac-mini:~ vimfung$ nscurl --ats-diagnostics --verbose https://www.baidu.com
Starting ATS Diagnostics

Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://www.baidu.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================

Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
Result : PASS
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
ATS Dictionary:
{
    NSAllowsArbitraryLoads = true;
}
Result : PASS
---

================================================================================

Configuring TLS exceptions for www.baidu.com

---
TLSv1.2
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.2";
        };
    };
}
Result : PASS
---

---
TLSv1.1
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
        };
    };
}
Result : PASS
---

---
TLSv1.0
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.0";
        };
    };
}
Result : PASS
---

================================================================================

Configuring PFS exceptions for www.baidu.com

---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

================================================================================

Configuring PFS exceptions and allowing insecure HTTP for www.baidu.com

---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

================================================================================

Configuring TLS exceptions with PFS disabled for www.baidu.com

---
TLSv1.2 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.2";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

---
TLSv1.1 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

---
TLSv1.0 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

================================================================================

Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for www.baidu.com

---
TLSv1.2 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.2";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

---
TLSv1.1 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

---
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "www.baidu.com" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

================================================================================

Every result is now PASS, which shows that Baidu does support ATS. That is my latest research on ATS; I hope it is useful to everyone.
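The redirect diagnosis above was read off the verbose output by eye; the same check can be scripted. The Python below is an added example, not part of the original post: it parses `nscurl --ats-diagnostics --verbose` output and separates "the HTTPS URL redirects to cleartext HTTP" from "the host needs an ATS exception". The function names and verdict strings are assumptions, the first sample is abridged from the run shown on this page, and the second is constructed for a hypothetical host.

```python
import re
from urllib.parse import urlsplit

# Abridged from the verbose https://baidu.com run on this page ("..." marks cut text).
BAIDU_APEX = """\
Default ATS Secure Connection
---
ATS Default Connection
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 UserInfo={NSErrorFailingURLKey=http://www.baidu.com/, ...}
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
Result : PASS
---

---
TLSv1.2
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1022 UserInfo={NSErrorFailingURLKey=http://www.baidu.com/, ...}
---
"""

# Constructed run for a hypothetical host that only negotiates TLS 1.0.
LEGACY = """\
---
ATS Default Connection
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 UserInfo={NSErrorFailingURLKey=https://legacy.example/, ...}
---

---
Allow All Loads
Result : PASS
---

---
TLSv1.0
Result : PASS
---
"""


def parse_ats_diagnostics(text):
    """Return one record per test block (the text between two '---' lines)."""
    tests = []
    for chunk in re.split(r"^---[ \t]*$", text, flags=re.M):
        result = re.search(r"^Result : (PASS|FAIL)[ \t]*$", chunk, flags=re.M)
        if result is None:  # banner, section title or blank gap
            continue
        name = next(line.strip() for line in chunk.splitlines() if line.strip())
        url = re.search(r"NSErrorFailingURLKey=([^,}\s]+)", chunk)
        tests.append({"name": name, "passed": result.group(1) == "PASS",
                      "failing_url": url.group(1) if url else None})
    return tests


def diagnose(tested_url, tests):
    """Classify a run as (verdict, detail)."""
    default = next((t for t in tests if t["name"] == "ATS Default Connection"), None)
    if default and default["passed"]:
        return ("compliant", None)
    if urlsplit(tested_url).scheme == "https":
        for t in tests:
            u = t["failing_url"]
            if u and urlsplit(u).scheme == "http":  # load ended on cleartext HTTP
                return ("redirects-to-cleartext", u)
    narrower = [t["name"] for t in tests
                if t["passed"] and t["name"] != "Allow All Loads"]
    return ("needs-exception", narrower) if narrower else ("only-arbitrary-loads", None)
```

A `redirects-to-cleartext` verdict means the diagnosis should be repeated against the final HTTPS URL, as the post does with https://www.baidu.com, before any exception is added to Info.plist.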
