@@ -1101,13 +1101,16 @@ If you run into this problem (high probability with self-signed certificates), y
<false/>
<key>NSIncludesSubdomains</key>
<true/>
+ <!-- Optional: Specify minimum TLS version -->
+ <key>NSTemporaryExceptionMinimumTLSVersion</key>
+ <string>TLSv1.2</string>
</dict>
</dict>
</dict>
</dict>
```
-Whether you need to set the `NSExceptionRequiresForwardSecrecy` to `NO` depends on whether your TLS connection is using an allowed cipher suite. In certain cases, it will need to be set to `NO`. The `NSExceptionAllowsInsecureHTTPLoads` MUST be set to `YES` in order to allow the `SessionDelegate` to receive challenge callbacks. Once the challenge callbacks are being called, the `ServerTrustPolicyManager` will take over the server trust evaluation.
+Whether you need to set the `NSExceptionRequiresForwardSecrecy` to `NO` depends on whether your TLS connection is using an allowed cipher suite. In certain cases, it will need to be set to `NO`. The `NSExceptionAllowsInsecureHTTPLoads` MUST be set to `YES` in order to allow the `SessionDelegate` to receive challenge callbacks. Once the challenge callbacks are being called, the `ServerTrustPolicyManager` will take over the server trust evaluation. You may also need to specify the `NSTemporaryExceptionMinimumTLSVersion` if you're trying to connect to a host that only supports TLS versions less than `1.2`.
> It is recommended to always use valid certificates in production environments.
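
Review bot: the sample value `TLSv1.2` in the added plist lines does not match the case the new sentence describes, which is a host that only supports TLS versions below `1.2`; as written, a reader copying the snippet gets no change for such a host. Either show a value that actually covers that case and say it lowers the floor for this one domain only, or drop the key from the sample and keep it in the prose. The "Optional" comment should also say when the key is needed, since the paragraph is the only place that explains it. Separately, the new key uses the `NSTemporaryException` prefix while the two other keys named in the same paragraph use `NSException` (`NSExceptionRequiresForwardSecrecy`, `NSExceptionAllowsInsecureHTTPLoads`); please confirm which spelling applies to the OS versions this README targets (`NSExceptionMinimumTLSVersion` is the non-temporary form) and use one convention throughout. Because this setting weakens transport security for the excepted domain, it would fit to mention it next to the existing production recommendation below the paragraph.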