You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Beyond #815 there are some other changes needed to be compatible with iOS 9 / OS X 10.11 App Transport Security:
MYAnonymousIdentity needs to use SHA-256 when signing the cert.
When validating server trust in the NSURLConnection callback, update the returned SecTrustRef to have a result of 'proceed', otherwise ATS will reject the connection even though we accepted the cert.
HTTPConnection needs to specify a TLS version at minimum 1.0, not exactly 1.0. (This was already fixed but I'm calling it out because it's not in CBL 1.1.)
To be able to connect to a peer running iOS 8 or OS X 10.10, though, the app will need to add an ATS exception to its Info.plist to turn off the requirement for forward secrecy in the SSL cipher. This is because the older OS's don't support the necessary ciphers. The property add to the Info.plist looks like:
NSAppTransportSecurity = {
NSExceptionDomains = {
local = {
NSIncludesSubdomains = YES,
NSExceptionRequiresForwardSecrecy = NO
}
}
}
(The above is for Bonjour connections, i.e. the ".local" domain. Adapt as necessary for other domains.)
The text was updated successfully, but these errors were encountered:
Beyond #815 there are some other changes needed to be compatible with iOS 9 / OS X 10.11 App Transport Security:
To be able to connect to a peer running iOS 8 or OS X 10.10, though, the app will need to add an ATS exception to its Info.plist to turn off the requirement for forward secrecy in the SSL cipher. This is because the older OS's don't support the necessary ciphers. The property add to the Info.plist looks like:
(The above is for Bonjour connections, i.e. the ".local" domain. Adapt as necessary for other domains.)
The text was updated successfully, but these errors were encountered: