

Enforcing TLS-secure connections for Cordova iOS

Starting with iOS 9, Transport Layer Security (TLS) protocol version 1.2 must be enforced in all iOS apps. You can disable this enforcement and bypass the iOS 9 requirement for development purposes.


Overview

Apple’s App Transport Security (ATS) is a new feature of iOS 9 that enforces best practices for connections between the app and the server. By default, this feature enforces some connection requirements that improve security. These include client-side HTTPS requests and server-side certificates and connection ciphers that conform to Transport Layer Security (TLS) version 1.2 using forward secrecy.

For development purposes, you can override the default behavior by specifying an exception in the Info.plist file of your app, as described in App Transport Security Technote. However, in a full production environment, all iOS apps must enforce TLS-secure connections to work properly.

To enable non-TLS connections, the following exception must appear in the <projectname>info.plist file in the <project>\Resources folder:

<!--ATS settings are read from the NSAppTransportSecurity dictionary-->
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>yourserver.com</key>
        <dict>
            <!--Include to allow subdomains-->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!--Include to allow insecure HTTP requests-->
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>


Procedure

  1. To prepare for production, remove or comment out the ATS exception that appears earlier on this page.
  2. Set up the client to send HTTPS requests by adding the following entries to the dictionary:

    <key>protocol</key>
    <string>https</string>
    <key>port</key>
    <string>10443</string>

    The SSL port number is defined on the server in server.xml in the httpEndpoint definition.

  3. Configure a server that is enabled for the TLS 1.2 protocol. For more information, see Configuring MobileFirst Server to enable TLS V1.2.
  4. Configure the ciphers and certificates as they apply to your setup. For more information, see App Transport Security Technote, Secure communications using Secure Sockets Layer (SSL) for WebSphere® Application Server Network Deployment, and Enabling SSL communication for the Liberty profile.
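
A pre-release check for step 1, as an added example that is not part of the IBM documentation: it parses an Info.plist and reports any ATS exception that is still present. It goes beyond the exception shown on this page by also flagging NSAllowsArbitraryLoads, a lowered minimum TLS version, and disabled forward secrecy; the function name audit_ats and both sample plists are constructed for illustration.

```python
import plistlib

# Constructed sample: a development Info.plist carrying the exception from this page.
DEV_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>yourserver.com</key>
      <dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

# Constructed sample: a production Info.plist with the exception removed.
PROD_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>demo</string>
</dict></plist>"""


def audit_ats(plist_bytes):
    """Return a sorted list of ATS exceptions found in an Info.plist (hypothetical helper)."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("*: ATS disabled for all domains")
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (+subdomains)" if rules.get("NSIncludesSubdomains") else "")
        for key, value in rules.items():
            # iOS 9 pre-release key names carry "Temporary"; treat both spellings alike.
            name = key.replace("NSTemporaryException", "NSException")
            if name == "NSExceptionAllowsInsecureHTTPLoads" and value is True:
                findings.append(f"{scope}: plain HTTP allowed")
            elif name == "NSExceptionMinimumTLSVersion" and value in ("TLSv1.0", "TLSv1.1"):
                findings.append(f"{scope}: minimum TLS lowered to {value}")
            elif name == "NSExceptionRequiresForwardSecrecy" and value is False:
                findings.append(f"{scope}: forward secrecy not required")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_ats(DEV_PLIST):
        print("ATS exception:", finding)
```

In a release pipeline, a non-empty result from audit_ats on the built app's Info.plist can fail the build.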
