Lists

Terms and Conditions
Lists hosted on this site
Email the Postmaster
Tips for posting to public mailing lists

Lack of CFStream constants for specifying TLS 1.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Lack of CFStream constants for specifying TLS 1.2

Subject: Lack of CFStream constants for specifying TLS 1.2
From: Jens Alfke <email@hidden>
Date: Mon, 15 Jun 2015 17:30:58 -0700

If Apple is now going to mandate that apps only connect to servers using TLS 1.2, then shouldn’t there be a supported way to configure CFStream to obey that rule? Even in the iOS 9 SDK there still isn’t any constant denoting a TLS version higher than 1.0 (kCFStreamSocketSecurityLevelTLSv1.)

Technote 2287* names some ‘new’ values for TLS 1.1 and 1.2 that were added back in iOS 5 but don’t have their own string constants yet (rdar://10229865). Four years (and ten million Radars) later, the constants are still missing.

I’m also curious about the TLS 1.2 server compatibility problems described in that technote. The recommendation then was to revert back to SSLv3, which I did because some users were running into this issue. Then security flaws were found in SSLv3, so I bumped it up to TLS 1. Should I now use the unofficial TLS 1.2 constant?

—Jens

* https://developer.apple.com/library/ios/technotes/tn2287/_index.html

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

Follow-Ups:
- Re: Lack of CFStream constants for specifying TLS 1.2
  - From: "Quinn \"The Eskimo!\"" <email@hidden>

Prev by Date: Re: Third-party peer-to-peer Wi-Fi?
Next by Date: Re: Lack of CFStream constants for specifying TLS 1.2
Previous by thread: Re: OpenSSL -> Secure Transport for libevent2
Next by thread: Re: Lack of CFStream constants for specifying TLS 1.2
Index(es):
- Date
- Thread