Bittu Davis

How to TLS

With the growing number of attacks on SSL, TLS has become an unavoidable security layer for most apps. Besides supporting newer, stronger algorithms, it provides privacy and data integrity between two applications. Before any application data is exchanged, the TLS handshake protocol authenticates the endpoints (the server, and the client as well where mutual TLS is configured) and negotiates the session keys.

Let us see how to implement TLS in iOS.

The place where you actually provide this specification is when you create your URLSession. The TLS settings are applied to the whole session by configuring them on the URLSessionConfiguration.

You can set the minimum and maximum supported protocol version in the session configuration. The server side can tell you which versions it supports today and which it plans to support in the future. iOS exposes the properties tlsMinimumSupportedProtocol and tlsMaximumSupportedProtocol for this purpose.

The supported protocols, as defined by the Security framework in the SSLProtocol enum, are listed below (taken from Xcode 10):

public enum SSLProtocol : Int32 {
    case sslProtocolUnknown // no protocol negotiated/specified; use default
    case sslProtocol3 // SSL 3.0
    case tlsProtocol1 // TLS 1.0
    case tlsProtocol11 // TLS 1.1
    case tlsProtocol12 // TLS 1.2
    case dtlsProtocol1 // DTLS 1.0
    case tlsProtocol13 // TLS 1.3
    case tlsProtocolMaxSupported // Max system-supported version
    case sslProtocol2 // SSL 2.0. DEPRECATED on iOS.
    case sslProtocol3Only // SSL 3.0. DEPRECATED on iOS.
    case tlsProtocol1Only // TLS 1.0 Only. DEPRECATED on iOS.
    case sslProtocolAll // All TLS supported protocols. DEPRECATED on iOS.
}

If your server supports TLS 1.2, the code you need looks like this:

import Foundation

func createSession() -> URLSession {
    return URLSession(configuration: sessionConfiguration())
}

func sessionConfiguration() -> URLSessionConfiguration {
    let configuration = URLSessionConfiguration.default
    // Pin both ends of the negotiable range to TLS 1.2, so nothing older is accepted.
    // (These two properties are deprecated from iOS 13 in favour of
    // tlsMinimumSupportedProtocolVersion / tlsMaximumSupportedProtocolVersion.)
    configuration.tlsMinimumSupportedProtocol = .tlsProtocol12
    configuration.tlsMaximumSupportedProtocol = .tlsProtocol12
    configuration.timeoutIntervalForRequest = 30
    return configuration
}

Here the code sets both the minimum and the maximum TLS version to 1.2. If the server plans to adopt whatever newer versions come along, and you do not want to ship a new app release every time that happens, you can set the maximum to tlsProtocolMaxSupported instead.

tlsProtocolMaxSupported is only available from iOS 11.0 onwards. So if your application still supports iOS 9 or so, you need an availability check and apply it like this:

if #available(iOS 11.0, *) {
    // Let the system negotiate up to the newest version it supports.
    configuration.tlsMaximumSupportedProtocol = .tlsProtocolMaxSupported
}
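Putting the two snippets together, here is an added example (not code from the original post) that applies a TLS 1.2 floor on every iOS version the app may run on and then verifies, per request, which version was actually negotiated. It assumes the iOS 13 APIs tlsMinimumSupportedProtocolVersion and URLSessionTaskTransactionMetrics.negotiatedTLSProtocolVersion, which the post does not mention; the class name and the check are the author's own constructions.

```swift
import Foundation
import Security

// Added example: a session factory that refuses anything below TLS 1.2 and
// logs the negotiated version so the floor can be confirmed at runtime.
final class TLSSessionFactory: NSObject, URLSessionTaskDelegate {

    func makeSession() -> URLSession {
        let configuration = URLSessionConfiguration.default
        configuration.timeoutIntervalForRequest = 30

        if #available(iOS 13.0, *) {
            // Modern API (assumed, iOS 13+): the SSLProtocol-based properties are deprecated here.
            // Leaving the maximum at its default lets the system use TLS 1.3 when offered.
            configuration.tlsMinimumSupportedProtocolVersion = .TLSv12
        } else if #available(iOS 11.0, *) {
            configuration.tlsMinimumSupportedProtocol = .tlsProtocol12
            configuration.tlsMaximumSupportedProtocol = .tlsProtocolMaxSupported
        } else {
            // tlsProtocolMaxSupported does not exist before iOS 11: pin to 1.2 on both ends.
            configuration.tlsMinimumSupportedProtocol = .tlsProtocol12
            configuration.tlsMaximumSupportedProtocol = .tlsProtocol12
        }
        return URLSession(configuration: configuration, delegate: self, delegateQueue: nil)
    }

    // Runtime check (iOS 13+): task metrics report the protocol version negotiated for
    // each transaction as an NSNumber holding a tls_protocol_version_t raw value.
    func urlSession(_ session: URLSession, task: URLSessionTask,
                    didFinishCollecting metrics: URLSessionTaskMetrics) {
        guard #available(iOS 13.0, *) else { return }
        let host = task.originalRequest?.url?.host ?? "?"
        for transaction in metrics.transactionMetrics {
            guard let raw = transaction.negotiatedTLSProtocolVersion,
                  let version = tls_protocol_version_t(rawValue: UInt16(truncating: raw))
            else { continue }
            let meetsFloor = (version == .TLSv12 || version == .TLSv13)
            print("\(host): negotiated TLS version 0x\(String(version.rawValue, radix: 16))"
                  + (meetsFloor ? " (ok)" : " (below TLS 1.2 floor)"))
        }
    }
}
```

The metrics callback is diagnostic only; the configuration is what enforces the floor, so a version below 1.2 should never appear there unless the configuration was not applied.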

By refusing a handshake with anything weaker than the TLS versions you have configured, you make it a little harder for an attacker to compromise your precious app.

Good day.

#transportsecuritylayer #ios #security #iossecurity #tls #secure #tls1.2


©2020 by Bittu Davis.