app-transport-security
Export Compliance in iOS App Submission
When you know that you ARE export compliant you can put this in your Info.plist: <key>ITSAppUsesNonExemptEncryption</key> <false/> This will prevent App Store Connect from asking you questions about export compliance.
iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”
For the iOS9, Apple made a radical decision with iOS 9, disabling all unsecured HTTP traffic from iOS apps, as a part of App Transport Security (ATS). To simply disable ATS, you can follow this steps by open Info.plist, and add the following lines: <key>NSAppTransportSecurity</key> <dict> <key>NSAllowsArbitraryLoads</key> <true/> </dict>
How to use NSURLConnection to connect with SSL for an untrusted cert?
There is a supported API for accomplishing this! Add something like this to your NSURLConnection delegate: – (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace { return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]; } – (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) if ([trustedHosts containsObject:challenge.protectionSpace.host]) [challenge.sender useCredential:[NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust] forAuthenticationChallenge:challenge]; [challenge.sender continueWithoutCredentialForAuthenticationChallenge:challenge]; } Note that connection:didReceiveAuthenticationChallenge: can send its message to challenge.sender (much) …
How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]
See Apple’s Info.plist reference for full details (thanks @gnasher729). You can add exceptions for specific domains in your Info.plist: <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>testdomain.com</key> <dict> <key>NSIncludesSubdomains</key> <true/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> <key>NSExceptionRequiresForwardSecrecy</key> <true/> <key>NSExceptionMinimumTLSVersion</key> <string>TLSv1.2</string> <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key> <false/> <key>NSThirdPartyExceptionRequiresForwardSecrecy</key> <true/> <key>NSThirdPartyExceptionMinimumTLSVersion</key> <string>TLSv1.2</string> <key>NSRequiresCertificateTransparency</key> <false/> </dict> </dict> </dict> All the keys for each excepted domain are optional. The speaker …
Transport security has blocked a cleartext HTTP
Use NSAppTransportSecurity: You have to set the NSAllowsArbitraryLoads key to YES under NSAppTransportSecurity dictionary in your info.plist file.