NSURLConnection with https and TLS 1.1

Discussion in 'Mac Programming' started by idelovski, Oct 29, 2015.

  1. idelovski macrumors regular

    Joined:
    Sep 11, 2008
    #1
    Hi,

    My app uses NSURLConnection to post an xml file to a financial organization in my country that will at some point next year stop using SSL protocols and switch to TLS 1.1 or 1.2.

    My app is linked to 10.6 SDK as many of my clients use older systems. There are several questions I like to ask and I am not sure how this all affects me.

    Does it matter to what SDK am I linked? If my app is used on latest Mac OS will NSURLConnection use latest TLS by default? How do I test the TLS version on a system?

    Should I link to the newer SDK? Or just tell affected clients to upgrade to Mountain Lion or newer?

    The problem is I can't test anything now as the organization in question just announced that at some point in 2016. they'll stop support for anything less than TLS 1.1.
     
  2. ArtOfWarfare macrumors 604

    ArtOfWarfare

    Joined:
    Nov 26, 2007
    #2
    I'm sure there's some third party TLS 1.2 library that'll work in 10.6... Just might be in C or C++ so not as easy to use with Obj-C code as if it were written in Obj-C.

    If one doesn't exist (doubtful), you could always write one yourself.

    Although I would check - how many users are actually still using 10.6 or 10.7, and how many will continue using it into next year?
     
  3. idelovski, Oct 30, 2015
    Last edited: Oct 30, 2015

    idelovski thread starter macrumors regular

    Joined:
    Sep 11, 2008
    #3
    > I'm sure there's some third party TLS 1.2 library that'll work in 10.6...

    Most likely, but how do I make NSURLConnection and all other networking classes use it? I think this part is deliberately made that way so developers don't need to set encryption methods themselves.

    > If one doesn't exist (doubtful), you could always write one yourself.

    To be frank, I have only a vague idea what TLS actually does. No way I can mess with that.

    > Although I would check - how many users are actually still using 10.6 or 10.7, and how many will continue using it into next year?

    It is a special, custom made application for the local market. I know personally most of the users and I visit them in person at least few times a year. They use what they have and will continue to do so until these computers die. My main application is linked against 10.4 and works even on PPC.

    EDIT - just to clarify, those still on the older OSes would not be able to use the module in question. I can check in my main application if the OS is less than Mountain Lion and disable the option. The thing is, in a network of say 20 computers only a few need the module that would access this service and I can force those users to put the newer computers there. But the rest of the company can still use PPC Mac Minis and what not.
     

Share This Page