I need know, how to determine which is the strongest cipher suite for iOS application.Need a good Cipher suite which will provide maximum security for iOS 8 and iOS 9. When i went through Apple Docs, i found lot of cipher suites, some of them given below.
Example Cipher suites:
TLS_RSA_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
first: My main question is: do you want both iOS8 and iOS9 to support the same ciphersuite, or two different ones for example the best cipher of iOS8 and the best for iOS9?
As of Qualys SSL User Agent Capabilities page for iOS 8 and iOS 9, You should use:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) for iOS 8 and
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) for iOS 9
Above Ciphersuites are only working with an ECDSA Key configuration.
If you only provide a RSA Key then you should use the following ciphers:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) for iOS 8 and
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) for iOS 9 (Best performance)
I hope that answer can help you a bit.
Related
I know that Apple pay testing we use Apple pay stubs in iOS 8, but please let me know how to use Apple pay without ApplePayStubs in iOS 9 in simulator.
Thanks in advance
Yes. You can test apple pay using iOS 9 simulator. So you don't need to add any testing sheet instead PKPaymentAuthorizationViewController. It's working on iOS 9 simulator. Make sure your app run on iPhone 6, iPhone 6 plus or latest version of simulator.
In Xcode 12.5 and iOS 14.5 you can do that using
opt + cmd + A
Yes it is working in Simulator with Xcode 7 and iOS 9.
No need for bio metric thumb scanning.
Thanks all
official documentation: https://developer.apple.com/library/archive/ApplePay_Guide/Authorization.html
NOTE
In Xcode 7.0 or later, you can test the payment authorization view
controller in the simulator. It provides simulated cards for all the
supported payment networks and returns dummy payment data in plain
text. On a device, this data is encrypted with your merchant
identifier and must be decrypted either on your server or by your
payment processor.
Use the Apple Pay Sandbox environment to test your app on a device
with test cards.
Although these techniques provide fast and convenient ways to test
your code, you still need to thoroughly test Apple Pay on actual,
physical devices with production cards.
My iOS 8 Simulator is not using my proxy settings anymore (I want to debug with Charles). The rest of the system does. The simulator somehow seems to get direct internet access. Have I missed some new setting?
Caution: this is NO dup of How to use Charles Proxy on the Xcode 6 (iOS 8) Simulator?. I´m not trying to use SSL on the simulator in the first place. My simulator doesn´t even start to use the proxy.
Charles:
System:
Restart the simulator between proxy changes
This is correct. Proxy settings that are setup on the host are not necessarily usable by the simulated runtime. If your proxy server requires authentication, you will not be able to use it in the iOS Simulator due to the simulator and host not sharing the same keychain. If you rely on this functionality, please file a radar at http://bugreport.apple.com and request an alternative.
Also note that this is discussed in the Xcode 6 Release Notes:
iOS Simulator does not support the use of network proxy servers that require authentication. (14889876)
Do not forget the HTTPS:
Set Web Proxy (HTTP) and Secure Web Proxy (HTTPS)
Restart the simulator after proxy changes
I downloaded Xcode 6 Beta and installed it on my Mac side by side with my original Xcode 5. While I have no problem in seeing my code signing certificate in Xcode 5 there is no way for me to get Xcode 6 to pick up it. Any trick out there? Thanks
Xcode 6 is only in its first beta so very much still under NDA.
Best to check with the Apple DEV Forums
I haven't tried signing certificate just yet, but it could be locked out until a newer version of the beta .....
While I went to seek help from Apple engineers here at WWDC the code signing certificate mysteriously showed up in Xcode 6. As explained by Apple's engineer the problem might be attributed to some network issue earlier here. Now I have certificate in, Xcode 6 complained about missing private keys to it and it is resolved by revoking and re-requesting the developer certificate.
Hello people from the web,
I am experiencing a weird issue with self signed certificates. Since I upgraded to OSX 10.9 (Maverick) I am not able to connect to an HTTPS site protected by a self signed SSL certificate. The only remaining browser on my computer able to do the trick is Firefox (24). Chrome (30) and Safari (7) cannot.
Have you experienced the same issue? Have you found a solution?
On my quest for a solution I found this article:
http://curl.haxx.se/mail/archive-2013-10/0036.html
However it seems to me this is more the webkit common engine causing the issue. Is it possible that Webkit has become more picky with SSL Certificates? In which case how to generate a cutom one that would suit Safari 7 and Chrome 30+?
Thank you for any help you could provide :)
Oscar
I have to port OpenSSL to winRT(windows 8 metro on x86 not ARM), so i am planning to start with compiling for WinRt.
I have downloaded the source code from http://www.openssl.org/source/
In the source code i see some OS specific folders like MacOS, OS2 and there is ms folder as well, but i dont see any visual studio projects. whatever i have read so far about compiling OpesSSL talks about makefiles and mingw ,but i am not very comfortable with makefiles and moreover not sure whether cygwin and perl will be supported in windows 8. So i am looking for some ideas on how to compile OpenSSL on windows 8 using visual studio. Please share your knowledge or point me to a direction which can help me in doing this. Thanks a lot
The solution for SSL encryption in metro style works well. But if you are not connecting to a web service there are some disadvantages:
- you can not control the parameters of the SSL handshake (like cyphers, verification of server certificate)
- not possible to present user certificate to authenticate the client to the server
- dependent on Microsoft for upgrades of SSL stack new encryptions etc.
There are some people working on porting openssl to windows runtime. See
http://openssl.6102.n7.nabble.com/winrt-random-td42100.html
It means that you only configure and build openssl without winsock support (only memory BIO) and replace some not supported functions.
So it is possible to do it but is not yet supported out of the box and quite some work compared to the built-in solution. But if you want to port some software already using openssl this could be a solution.
OpenSSL will build under Windows 8 for desktop mode only. Metro/WinRT no longer provides Winsock (or API compatible alternatives), so you will not be able to compile directly for WinRT.
Why would you like to use OpenSSL in WinRT??
If you use it only for security purpose then you can omit it inmetro style WinRT. Because WinRT itself provide security for socket programming in metro style like
//0: A plain socket with no encryption.
socket->ConnectAsync(hostname, serviceName, SocketProtectionLevel::PlainSocket);
//1: A socket that must use the SSL for encryption. This value requires encryption and never allows a NULL cipher.
socket->ConnectAsync(hostname, serviceName, SocketProtectionLevel::Ssl);
//2: A socket that prefers to use the SSL for encryption. This value prefers that full encryption be used, but allows a NULL cipher (no encryption) based on the server configuration.
socket->ConnectAsync(hostname, serviceName, SocketProtectionLevel::SslAllowNullEncryption);