Our clients were suddenly unable to connect to our backend on Heroku since August 2nd. They all use a Windows 7 or Windows 10 cash register device.
Apparently the cash register software that implemented our API doesn't support TLS 1.2. And we didn't receive any notification from Heroku that legacy versions of TLS would be EOL.
We have solutions in progress (migrating to AWS or the 3rd party implementing TLS 1.2), but they will take some time and my boss would love to have it solved by today.
Is there a possibility to force TLS 1.0/1.1 via the Heroku CLI?
Related
The common way to send a push notification is to get the token from the client side and pass this token to the server side; the server then uses this token to send any notification the user wants. But for test purposes there is no actual client device, so how can I get a mock token from the server side?
#mohax's answer is correct. I'd like to add a little more:
You cannot get a push token without a client device requesting a token. But you can use HMS Toolkit or Cloud Debugging to test your app.
For Huawei emulator on Android Studio, you can install HMS Toolkit. As a lightweight IDE tool plugin, HMS Toolkit implements app creation, coding, conversion, debugging, test, and release. HMS Toolkit provides Cloud Debugging for you to perform 24/7 uninterrupted testing on your app running on remote real devices. With this function, you can learn about the running status of apps on Huawei devices anytime and anywhere even if no device is available, device types are not completed, or an error cannot be reproduced.
Cloud Debugging can be used on a single device for 2 hours each time. Before the validity period expires, you can release the device and apply for the device again.
For more detail on how to use HMS Toolkit and Cloud Debugging, you can also refer to this link.
Apple App Store rejected my app with this message:
We discovered one or more bugs in your app when reviewed on iPad
running iOS 11.4.1 on Wi-Fi connected to an IPv6 network.
Because of this I (too late) discovered that since June 2016 Apple requires that every app submitted to App Store should support IPv6-only networking, as written here https://developer.apple.com/support/ipv6/:
Starting June 1, 2016, all apps submitted to the App Store must
support IPv6-only networking. A majority of apps will not require any
changes as IPv6 is already supported by NSURLSession and CFNetwork
APIs. However, if your app utilizes IPv4-specific APIs or hard-coded
IP addresses, you will need to make changes. Be sure to test for IPv6
compatibility before submitting your app to the App Store for review.
The point is that my app doesn't have hardcoded IP addresses, and for all the web calls I simply instantiate an HttpClient with the default implementation; I already submitted other apps based on the same one for other clients, but it's the first time that they rejected it for this reason. Moreover, I don't have a way to test with IPv6 because my ISP doesn't support it, and the APNs of my two mobile SIMs (internet.wind and mobile.vodafone.it) don't work with IPv6 either.
Is it possible that Apple does this test only once in a while and with other 5/10 submissions I was simply lucky?
Afterwards I discovered that the problem was due to the server, which during the night (my night, afternoon in the USA) was very slow, but reading the documentation I found this, which could be useful to other people:
https://learn.microsoft.com/en-us/xamarin/cross-platform/macios/http-stack
April, 2018 – Due to increased security requirements, including PCI
compliance, major cloud providers and web servers are expected to stop
supporting TLS versions older than 1.2. Xamarin projects created in
previous versions of Visual Studio default to use older versions of
TLS.
In order to ensure your apps continue to work with these servers and
services, you should update your Xamarin projects with the
NSUrlSession setting shown below, then re-build and re-deploy your
apps to your users.
So yes, for the HttpClient implementation, Managed is the default option, and it's almost certain that if you have an old application you'll find that one in the iOS project settings. But Xamarin now suggests using NSUrlSession, so to avoid problems in the future it's probably good to change it.
But it's almost certain that if you don't have any hardcoded IPv6 address you don't have to change anything in your code:
https://developer.apple.com/library/archive/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html
If you’re writing a client-side app using high-level networking APIs
such as NSURLSession and the CFNetwork frameworks and you connect by
name, you should not need to change anything for your app to work with
IPv6 addresses. If you aren’t connecting by name, you probably should
be.
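Apple's notice quoted above names two things that break on IPv6-only networks: IPv4-specific APIs and hard-coded IP addresses. The following pre-submission source scan is an added example, not code from the original posts; the identifier list is an illustrative selection and the sample source is constructed.

```python
import ipaddress
import re

# Illustrative, not exhaustive: identifiers that only work with IPv4.
IPV4_ONLY_APIS = (
    "inet_addr", "inet_aton", "inet_ntoa", "gethostbyname",
    "sockaddr_in", "in_addr", "AF_INET", "INADDR_ANY",
    "AddressFamily.InterNetwork",  # .NET's IPv4 address family
)
# \b on both sides keeps AF_INET6, sockaddr_in6 and InterNetworkV6 out.
IPV4_API = re.compile(
    r"\b(?:" + "|".join(re.escape(n) for n in IPV4_ONLY_APIS) + r")\b")
# Four dot-separated groups, not embedded in a longer token or dotted name.
IPV4_LITERAL = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")

# Constructed sample source (hypothetical app code, documentation-range IP).
SAMPLE = """\
var client = new HttpClient();
var api = new Uri("https://api.example.com/v1/orders");
var fallback = new Uri("http://203.0.113.10:8080/health");
var sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
int fd = socket(AF_INET, SOCK_STREAM, 0);
int fd6 = socket(AF_INET6, SOCK_STREAM, 0);
string osVersion = "11.4.1";
"""


def scan(source):
    """Return (line number, kind, match) for each IPv4-only construct."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in IPV4_LITERAL.finditer(line):
            try:
                ipaddress.IPv4Address(m.group(1))  # rejects octets > 255
            except ValueError:
                continue
            findings.append((lineno, "hard-coded IPv4 address", m.group(1)))
        for m in IPV4_API.finditer(line):
            findings.append((lineno, "IPv4-only API", m.group(0)))
    return findings


if __name__ == "__main__":
    for lineno, kind, text in scan(SAMPLE):
        print(f"line {lineno}: {kind}: {text}")
```

Four-part version strings such as "1.2.3.4" also match the literal pattern, so findings need a manual look before anything is changed.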
Question: How can I securely include the SSL cert required for push notifications in the installer for my server product?
Background: Apple Push Notifications require a client SSL cert to be in place on the server that's making the calls to Apple.
My product has a traditional client/server architecture, i.e. a customer installs the server within their intranet and then obtains the iOS client from the App Store and connects the client to their instance of the server.
The point here is that the customer installs the server themselves, rather than a cloud architecture where I would manage the server myself.
My problem is that I don't know how to package the push notification certificate in the server installer in a secure way. I can't distribute the .p12 file without a password because that would expose my private key, and I can't use a password because the password would have to be included somewhere else in the installer which would defeat the purpose. Do I need to relay messages from all of my customers through a server that I manage, which has the SSL client cert? Do I need to install the SSL cert by hand into every one of my customers' sites?
Surely others must have run into this problem already? Or has everyone moved to the cloud?
Here is a major observation that happened to me over the weekend regarding Apple Push certificates. While there are many references out there to setting up the Apple Push server side certificates, here is a MAJOR point I discovered that I cannot find referenced in any Apple documentation, or via Google.
My situation: I have Push Certificates (sandbox) working great on Windows Server. Now it is time for production. Installation of production certs is successful like many times before. However, while the production push transmission completes error free, no pushes are generated to the device. Hmmm.
I just HAPPEN to notice that my Mac's time is roughly a minute off from the Windows Server (command-tabbing between macOS and VMware). Looking at Windows and Mac Settings, I see Windows internet time is set for "time.windows.com", and the Mac for "time.apple.com". Just for kicks, I change the Windows server time to "time.apple.com". Instantly, pushes are now being sent to the device. Nice. :-)
I dodged a major bullet here; this would have probably driven me insane trying to figure this one out. I do not claim to be an SSL cert guru... I (like most everyone) just want to get this stuff to work because we have bigger fish to fry.
I hope this is useful information.
I only know these solutions for installing certificates for push notifications:
.p12: the password is in the code that does the sending
.cer (.p12 + private key): the password is requested when importing the certificate.
In the first case, you can deploy your solution, and download some code, for example xml with the password.
I'm thinking of developing an app that uses Microsoft Push Notification. However, I'm not quite sure what I need on my server. I've currently got a shared hosting account. Can I use this as my server to use Push Notification, or does the server have to be dedicated?
Thanks
The short answer is yes, you can use shared or dedicated hosting to send out push notifications. Shared just means there are other web servers running on the same physical hardware, which does not affect the APIs available to your service.
You can get some more background on this if you want to check out Peter Torr's Mix 2010 talk on the video at around 28 minutes in.
Does anyone know the URL for using the Mojo messaging service with the device? I can get it to work with the emulator from Google App Engine and .NET but it does not work on the device. I've read in some other forums that it may be related to the URL.
Anyone have any information? The URL I am currently using is https://ps15.sb.palm.com/palmcsext/services/deviceJ/publish
Per the docs http://developer.palm.com/index.php?option=com_content&view=article&id=1671 :
The Mojo Messaging service is
currently in beta and is not yet
available for production deployments.
Developers with apps nearing readiness
should contact Palm developer support
to inquire about deploying as part of
the beta program.
This means that it only works on the emulator because it's running a developer version of the ROM for beta testing, against developer/beta servers. There is not currently a developer ROM available for the devices, so you can test this on the devices at the moment. The production ROM runs against different messaging servers that are not available ... yet.