SlideShare une entreprise Scribd logo

App Transport Security by Nicolas lauquin

CocoaHeads France
CocoaHeads France

A talk about the new security feature App Transport Security enabled in iOS9 & OSX10.11's SDKs. What is it and what are the impacts for us developper ?

Logiciels
1  sur  14
Télécharger pour lire hors ligne
SmallTalk 
 App Transport Security CocoaHeads Paris
 Jeudi 09 septembre 2015 Nicolas Lauquin
What ? ATS is default security configuration to conform to. Apple depreciate HTTP ;) Involve all connexions based on NSURLConnection, CFURL, or NSURLSession Starting iOS 9 & OS X 10.11 sdks
Security Requirements The server must supporting Transport Layer Security (TLS) protocol version 1.2. Connection ciphers are limited to those that provide forward secrecy (TLS_ECDHE*) Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048 bit or greater RSA key or a 256 bit or greater Elliptic- Curve (ECC) key.
Not Respecting Rules = Punishment AppTransport[71704:4475213] CFNetwork SSLHandshake failed (-9801)
 AppTransport[71704:4475213] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801) When logging network error output :
 Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
How To Check ? Compile with iOS9||OSX10.11 sdk and check the connexion success/logs + check code error with securetransport.h + add extra log CFNETWORK_DIAGNOSTICS = 1
 -> hard to analyze In a browser to have a quick (&dirty) check nscurl (starting 10.11 - best choice) nscurl —ats-diagnostics —verbose https://x.co
Exceptions
Trick OK To test on a ATS compliant API:
Example with IC server on OSX10.10.5
IC Server ATS KO
IC Server v2
 -> with certificat update better but still KO
Configuration Info.plist Config necessary until upgrade to El Capitan which will support TLSv1.2 & forward secrecy ATS OK
Refs Apple Technote: https://developer.apple.com/library/prerelease/ios/technotes/App- Transport-Security-Technote/index.html Apple Video WWDC2015 - 711 - Network with NSURLSESSION Exemple of App Transport configuration -http://www.neglectedpotential.com/ 2015/06/working-with-apples-application-transport-security/ Tips about issue with AppTransport : http://timekl.com/blog/2015/08/21/ shipping-an-app-with-app-transport-security/ Apple security Transport error code : http://www.opensource.apple.com/source/ Security/Security-55179.13/libsecurity_ssl/Security/SecureTransport.h
CocoaHeads Paris
 App Transport Security Nicolas Lauquin nicolas@atelierdumobile.com @nlauquin

Recommandé

Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
IPsec vpn
IPsec vpnIPsec vpn
IPsec vpnsharetech
 
IP Sec by Amin Pathan
IP Sec by Amin PathanIP Sec by Amin Pathan
IP Sec by Amin Pathanaminpathan11
 
Calico and simple policy
Calico and simple policyCalico and simple policy
Calico and simple policyAnirban Sen Chowdhary
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
Cisco Ios Suneet
Cisco Ios SuneetCisco Ios Suneet
Cisco Ios Suneetguest575e9c
 
I psec
I psecI psec
I psecnlekh
 
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks
 

Recommandé

Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideHarris Andrea
 
IPsec vpn
IPsec vpnIPsec vpn
IPsec vpnsharetech
 
IP Sec by Amin Pathan
IP Sec by Amin PathanIP Sec by Amin Pathan
IP Sec by Amin Pathanaminpathan11
 
Calico and simple policy
Calico and simple policyCalico and simple policy
Calico and simple policyAnirban Sen Chowdhary
 
I psec cisco
I psec ciscoI psec cisco
I psec ciscoDeepak296
 
Cisco Ios Suneet
Cisco Ios SuneetCisco Ios Suneet
Cisco Ios Suneetguest575e9c
 
I psec
I psecI psec
I psecnlekh
 
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts
Cohesive Networks Support Docs: VNS3 Configuration for ElasticHosts Cohesive Networks
 
Calico and ubuntu
Calico and ubuntuCalico and ubuntu
Calico and ubuntuAnirban Sen Chowdhary
 
Ipsecurity
IpsecurityIpsecurity
IpsecurityChinmay Patel
 
Secure Sockets Layer and Transport Layer Security
Secure Sockets Layer and Transport Layer SecuritySecure Sockets Layer and Transport Layer Security
Secure Sockets Layer and Transport Layer SecurityAl Mamun
 
System and Network administrator
System and Network administratorSystem and Network administrator
System and Network administratorMohamed Tawfik
 
Calico 3
Calico 3Calico 3
Calico 3Anirban Sen Chowdhary
 
A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl 2005A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl 2005Nadeer Abu Jraerr
 
Transport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaTransport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaMrinal Wadhwa
 
I psecurity
I psecurityI psecurity
I psecurityZainabNoorGul
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Fast Answers about Pertino
Fast Answers about PertinoFast Answers about Pertino
Fast Answers about PertinoPertino
 
vpn router Mikrotik
vpn router Mikrotikvpn router Mikrotik
vpn router Mikrotiktodangkhoa
 
How to set up a Multi-Cloud VPC with Pertino
How to set up a Multi-Cloud VPC with PertinoHow to set up a Multi-Cloud VPC with Pertino
How to set up a Multi-Cloud VPC with PertinoPertino
 
Transportation security
Transportation securityTransportation security
Transportation security08476879
 
Transportation And Facility Security
Transportation And Facility SecurityTransportation And Facility Security
Transportation And Facility Securityehszone
 
Tsa's positive 1
Tsa's positive 1Tsa's positive 1
Tsa's positive 1Doing What I Do
 
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"Cisco Canada
 
Transportation Security Administration "TSA 101"
Transportation Security Administration "TSA 101"Transportation Security Administration "TSA 101"
Transportation Security Administration "TSA 101"TSA
 
Traffic Safety
Traffic SafetyTraffic Safety
Traffic SafetyWah Engineering College(University of Wah)
 
TRANSPORTATION PLANNING
TRANSPORTATION PLANNINGTRANSPORTATION PLANNING
TRANSPORTATION PLANNINGintan fatihah
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSDr Anjan Krishnamurthy
 
Secure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateSecure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateCheapSSLUSA
 

Contenu connexe

Tendances

Secure Sockets Layer and Transport Layer Security
Secure Sockets Layer and Transport Layer SecuritySecure Sockets Layer and Transport Layer Security
Secure Sockets Layer and Transport Layer SecurityAl Mamun
 
System and Network administrator
System and Network administratorSystem and Network administrator
System and Network administratorMohamed Tawfik
 
A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl 2005A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl 2005Nadeer Abu Jraerr
 
Transport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaTransport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaMrinal Wadhwa
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overviewdavisli
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureBrian Ritchie
 
Fast Answers about Pertino
Fast Answers about PertinoFast Answers about Pertino
Fast Answers about PertinoPertino
 
vpn router Mikrotik
vpn router Mikrotikvpn router Mikrotik
vpn router Mikrotiktodangkhoa
 
How to set up a Multi-Cloud VPC with Pertino
How to set up a Multi-Cloud VPC with PertinoHow to set up a Multi-Cloud VPC with Pertino
How to set up a Multi-Cloud VPC with PertinoPertino
 

Tendances (13)

Calico and ubuntu
Calico and ubuntuCalico and ubuntu
Calico and ubuntu
 
Ipsecurity
IpsecurityIpsecurity
Ipsecurity
 
Secure Sockets Layer and Transport Layer Security
Secure Sockets Layer and Transport Layer SecuritySecure Sockets Layer and Transport Layer Security
Secure Sockets Layer and Transport Layer Security
 
System and Network administrator
System and Network administratorSystem and Network administrator
System and Network administrator
 
Calico 3
Calico 3Calico 3
Calico 3
 
A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl 2005A technical comparison of ip sec and ssl 2005
A technical comparison of ip sec and ssl 2005
 
Transport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal WadhwaTransport Layer Security - Mrinal Wadhwa
Transport Layer Security - Mrinal Wadhwa
 
I psecurity
I psecurityI psecurity
I psecurity
 
IPSec Overview
IPSec OverviewIPSec Overview
IPSec Overview
 
Introduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & SecureIntroduction to SSL and How to Exploit & Secure
Introduction to SSL and How to Exploit & Secure
 
Fast Answers about Pertino
Fast Answers about PertinoFast Answers about Pertino
Fast Answers about Pertino
 
vpn router Mikrotik
vpn router Mikrotikvpn router Mikrotik
vpn router Mikrotik
 
How to set up a Multi-Cloud VPC with Pertino
How to set up a Multi-Cloud VPC with PertinoHow to set up a Multi-Cloud VPC with Pertino
How to set up a Multi-Cloud VPC with Pertino
 

En vedette

Transportation security
Transportation securityTransportation security
Transportation security08476879
 
Transportation And Facility Security
Transportation And Facility SecurityTransportation And Facility Security
Transportation And Facility Securityehszone
 
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"Cisco Canada
 
Transportation Security Administration "TSA 101"
Transportation Security Administration "TSA 101"Transportation Security Administration "TSA 101"
Transportation Security Administration "TSA 101"TSA
 
TRANSPORTATION PLANNING
TRANSPORTATION PLANNINGTRANSPORTATION PLANNING
TRANSPORTATION PLANNINGintan fatihah
 

En vedette (7)

Transportation security
Transportation securityTransportation security
Transportation security
 
Transportation And Facility Security
Transportation And Facility SecurityTransportation And Facility Security
Transportation And Facility Security
 
Tsa's positive 1
Tsa's positive 1Tsa's positive 1
Tsa's positive 1
 
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
Enterprise Data Center and Cloud: "Efficiency, Speed, Disruption"
 
Transportation Security Administration "TSA 101"
Transportation Security Administration "TSA 101"Transportation Security Administration "TSA 101"
Transportation Security Administration "TSA 101"
 
Traffic Safety
Traffic SafetyTraffic Safety
Traffic Safety
 
TRANSPORTATION PLANNING
TRANSPORTATION PLANNINGTRANSPORTATION PLANNING
TRANSPORTATION PLANNING
 

Similaire à App Transport Security by Nicolas lauquin

Secure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateSecure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateCheapSSLUSA
 
SSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSesSSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSesTiago Mendo
 
The TLS Upgrade
The TLS UpgradeThe TLS Upgrade
The TLS UpgradeAppViewX
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?Microsoft
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)chhoup
 
SSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSesSSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSesTiago Mendo
 
SSL: limitations, bad practices and how to do it right
SSL: limitations, bad practices and how to do it rightSSL: limitations, bad practices and how to do it right
SSL: limitations, bad practices and how to do it rightTiago Mendo
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configurationextremeunix
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptxMARIA401634
 
presentation_4102_1493726768.pdf
presentation_4102_1493726768.pdfpresentation_4102_1493726768.pdf
presentation_4102_1493726768.pdfssuserf0e32f
 
Lecture 10 Networking on Mobile Devices
Lecture 10 Networking on Mobile DevicesLecture 10 Networking on Mobile Devices
Lecture 10 Networking on Mobile DevicesMaksym Davydov
 
Socket Programming - nitish nagar
Socket Programming - nitish nagarSocket Programming - nitish nagar
Socket Programming - nitish nagarNitish Nagar
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionCSCJournals
 

Similaire à App Transport Security by Nicolas lauquin (20)

SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
Secure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)CertificateSecure Sockets Layer(SSL)Certificate
Secure Sockets Layer(SSL)Certificate
 
SSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSesSSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSes
 
The TLS Upgrade
The TLS UpgradeThe TLS Upgrade
The TLS Upgrade
 
IP Security
IP SecurityIP Security
IP Security
 
How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?How (un)secure is SSL/TLS?
How (un)secure is SSL/TLS?
 
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
 
SSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSesSSL, HSTS and other stuff with two eSSes
SSL, HSTS and other stuff with two eSSes
 
SSL: limitations, bad practices and how to do it right
SSL: limitations, bad practices and how to do it rightSSL: limitations, bad practices and how to do it right
SSL: limitations, bad practices and how to do it right
 
Random musings on SSL/TLS configuration
Random musings on SSL/TLS configurationRandom musings on SSL/TLS configuration
Random musings on SSL/TLS configuration
 
1643129870-internet-security.pptx
1643129870-internet-security.pptx1643129870-internet-security.pptx
1643129870-internet-security.pptx
 
presentation_4102_1493726768.pdf
presentation_4102_1493726768.pdfpresentation_4102_1493726768.pdf
presentation_4102_1493726768.pdf
 
VPN presentation - moeshesh
VPN presentation - moesheshVPN presentation - moeshesh
VPN presentation - moeshesh
 
Lecture 10 Networking on Mobile Devices
Lecture 10 Networking on Mobile DevicesLecture 10 Networking on Mobile Devices
Lecture 10 Networking on Mobile Devices
 
Android Networking
Android NetworkingAndroid Networking
Android Networking
 
Ssl and tls
Ssl and tlsSsl and tls
Ssl and tls
 
Socket Programming - nitish nagar
Socket Programming - nitish nagarSocket Programming - nitish nagar
Socket Programming - nitish nagar
 
WLAN and IP security
WLAN and IP securityWLAN and IP security
WLAN and IP security
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit DetectionComparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
Comparative Analysis of Open-SSL Vulnerabilities & Heartbleed Exploit Detection
 

Plus de CocoaHeads France

Mutation testing for a safer Future
Mutation testing for a safer FutureMutation testing for a safer Future
Mutation testing for a safer FutureCocoaHeads France
 
Visual accessibility in iOS11
Visual accessibility in iOS11Visual accessibility in iOS11
Visual accessibility in iOS11CocoaHeads France
 
My script - One year of CocoaHeads
My script - One year of CocoaHeadsMy script - One year of CocoaHeads
My script - One year of CocoaHeadsCocoaHeads France
 
Ui testing dealing with push notifications
Ui testing dealing with push notificationsUi testing dealing with push notifications
Ui testing dealing with push notificationsCocoaHeads France
 
CONTINUOUS DELIVERY WITH FASTLANE
CONTINUOUS DELIVERY WITH FASTLANECONTINUOUS DELIVERY WITH FASTLANE
CONTINUOUS DELIVERY WITH FASTLANECocoaHeads France
 
L'intégration continue avec Bitrise
L'intégration continue avec BitriseL'intégration continue avec Bitrise
L'intégration continue avec BitriseCocoaHeads France
 
Programme MFI retour d'expérience
Programme MFI retour d'expérienceProgramme MFI retour d'expérience
Programme MFI retour d'expérienceCocoaHeads France
 
How to communicate with Smart things?
How to communicate with Smart things?How to communicate with Smart things?
How to communicate with Smart things?CocoaHeads France
 
Build a lego app with CocoaPods
Build a lego app with CocoaPodsBuild a lego app with CocoaPods
Build a lego app with CocoaPodsCocoaHeads France
 

Plus de CocoaHeads France (20)

Mutation testing for a safer Future
Mutation testing for a safer FutureMutation testing for a safer Future
Mutation testing for a safer Future
 
iOS App Group for Debugging
iOS App Group for DebuggingiOS App Group for Debugging
iOS App Group for Debugging
 
Asynchronous swift
Asynchronous swiftAsynchronous swift
Asynchronous swift
 
Visual accessibility in iOS11
Visual accessibility in iOS11Visual accessibility in iOS11
Visual accessibility in iOS11
 
My script - One year of CocoaHeads
My script - One year of CocoaHeadsMy script - One year of CocoaHeads
My script - One year of CocoaHeads
 
Ui testing dealing with push notifications
Ui testing dealing with push notificationsUi testing dealing with push notifications
Ui testing dealing with push notifications
 
CONTINUOUS DELIVERY WITH FASTLANE
CONTINUOUS DELIVERY WITH FASTLANECONTINUOUS DELIVERY WITH FASTLANE
CONTINUOUS DELIVERY WITH FASTLANE
 
L'intégration continue avec Bitrise
L'intégration continue avec BitriseL'intégration continue avec Bitrise
L'intégration continue avec Bitrise
 
Super combinators
Super combinatorsSuper combinators
Super combinators
 
Design like a developer
Design like a developerDesign like a developer
Design like a developer
 
Handle the error
Handle the errorHandle the error
Handle the error
 
Quoi de neuf dans iOS 10.3
Quoi de neuf dans iOS 10.3Quoi de neuf dans iOS 10.3
Quoi de neuf dans iOS 10.3
 
IoT Best practices
IoT Best practices IoT Best practices
IoT Best practices
 
SwiftyGPIO
SwiftyGPIOSwiftyGPIO
SwiftyGPIO
 
Présentation de HomeKit
Présentation de HomeKitPrésentation de HomeKit
Présentation de HomeKit
 
Programme MFI retour d'expérience
Programme MFI retour d'expérienceProgramme MFI retour d'expérience
Programme MFI retour d'expérience
 
How to communicate with Smart things?
How to communicate with Smart things?How to communicate with Smart things?
How to communicate with Smart things?
 
Build a lego app with CocoaPods
Build a lego app with CocoaPodsBuild a lego app with CocoaPods
Build a lego app with CocoaPods
 
Let's migrate to Swift 3.0
Let's migrate to Swift 3.0Let's migrate to Swift 3.0
Let's migrate to Swift 3.0
 
Project Entourage
Project EntourageProject Entourage
Project Entourage
 

Dernier

Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalLionel Briand
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 

Dernier (20)

Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Advantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your BusinessAdvantages of Odoo ERP 17 for Your Business
Advantages of Odoo ERP 17 for Your Business
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Precise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive GoalPrecise and Complete Requirements? An Elusive Goal
Precise and Complete Requirements? An Elusive Goal
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 

App Transport Security by Nicolas lauquin

  • 1. SmallTalk 
 App Transport Security CocoaHeads Paris
 Jeudi 09 septembre 2015 Nicolas Lauquin
  • 2. What ? ATS is default security configuration to conform to. Apple depreciate HTTP ;) Involve all connexions based on NSURLConnection, CFURL, or NSURLSession Starting iOS 9 & OS X 10.11 sdks
  • 3. Security Requirements The server must supporting Transport Layer Security (TLS) protocol version 1.2. Connection ciphers are limited to those that provide forward secrecy (TLS_ECDHE*) Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048 bit or greater RSA key or a 256 bit or greater Elliptic- Curve (ECC) key.
  • 4. Not Respecting Rules = Punishment AppTransport[71704:4475213] CFNetwork SSLHandshake failed (-9801)
 AppTransport[71704:4475213] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801) When logging network error output :
 Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
  • 5. How To Check ? Compile with iOS9||OSX10.11 sdk and check the connexion success/logs + check code error with securetransport.h + add extra log CFNETWORK_DIAGNOSTICS = 1
 -> hard to analyze In a browser to have a quick (&dirty) check nscurl (starting 10.11 - best choice) nscurl —ats-diagnostics —verbose https://x.co
  • 7. Trick OK To test on a ATS compliant API:
  • 8. Example with IC server on OSX10.10.5
  • 10. IC Server v2
 -> with certificat update better but still KO
  • 11. Configuration Info.plist Config necessary until upgrade to El Capitan which will support TLSv1.2 & forward secrecy ATS OK
  • 12. Refs Apple Technote: https://developer.apple.com/library/prerelease/ios/technotes/App- Transport-Security-Technote/index.html Apple Video WWDC2015 - 711 - Network with NSURLSESSION Exemple of App Transport configuration -http://www.neglectedpotential.com/ 2015/06/working-with-apples-application-transport-security/ Tips about issue with AppTransport : http://timekl.com/blog/2015/08/21/ shipping-an-app-with-app-transport-security/ Apple security Transport error code : http://www.opensource.apple.com/source/ Security/Security-55179.13/libsecurity_ssl/Security/SecureTransport.h
  • 13.
  • 14. CocoaHeads Paris
 App Transport Security Nicolas Lauquin nicolas@atelierdumobile.com @nlauquin