How to disable sslv3 for NSURLconnection or NSURLSession

Question

How to disable sslv3 for NSURLconnection or NSURLSession

Regarding a recent security risk using SSLV3, https://isc.sans.edu/forums/diary/OpenSSL+SSLv3+POODLE+Vulnerability+Official+Release/18827

How can I protect NSURLconnection from this threat?

Is it possible to disable sslv3 programmatical in iOS?

Is there any way in iOS with which I can get a list of supported security protocols from the server url?

+6

security ios objective-c iphone nsurlconnection

Piyush hirpara Oct 30 '14 at 11:34

source share

2 answers

Depending on how you connect, try using kCFStreamSocketSecurityLevelTLSv1 instead of kCFStreamSocketSecurityLevelNegotiatedSSL.

+1

user3344236 Oct 30 '14 at 16:23

source share

Piyush hirpara · Accepted Answer · 2014-11-04T06:29:29+0000

I figured out how to install it in NSURLSession, but still struggling with NSURLConnection.

NSURLSessionConfiguration *config = [NSURLSessionConfiguration defaultSessionConfiguration]; config.TLSMaximumSupportedProtocol = kTLSProtocol12; config.TLSMinimumSupportedProtocol = kTLSProtocol12 NSURLSession *session = [NSURLSession sessionWithConfiguration:sessionConfig];

How to disable sslv3 for NSURLconnection or NSURLSession

More articles: