On Wed, Jan 27, 2016 at 10:29 AM, Jens Alfke <j...@mooseyard.com> wrote:
> I believe that text refers to an *SSL* server "with no certificate, or a > self-signed, expired, or hostname-mismatched certificate”. There is a > _separate_ key that allows non-SSL connections. > Reading over the rest of the page, I'm fairly certain that's not the case. Here are a couple of other bits: Set this key’s value to YES > <https://developer.apple.com/library/ios/documentation/Cocoa/Reference/ObjCRuntimeRef/index.html#//apple_ref/doc/c_ref/YES>, > if needed, to: > > - Enable connection to an insecure HTTP server > - Enable connection to an untrusted HTTPS server > - Enable connection to an HTTPS server for which you want to perform > your own server trust evaluation > > For example, setting the value of a named server’s > NSExceptionAllowsInsecureHTTPLoads key to YES > <https://developer.apple.com/library/ios/documentation/Cocoa/Reference/ObjCRuntimeRef/index.html#//apple_ref/doc/c_ref/YES> > allows > insecure HTTP connections to that server. To use ATS generally but allow connection to a specific server that does > not support the HTTPS protocol—for example, a media server that your app > uses—employ the following configuration pattern in your Info.plist file: > *[snip > example using **NSExceptionAllowsInsecureHTTPLoads]* The only other exception keys that control HTTPS behavior are NSExceptionRequiresForwardSecrecy and NSExceptionMinimumTLSVersion, neither of which seems to fit the role you're talking about. _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
