I agree, Bill. This could be a show-stopper for JHS on Apple machines, in view of this quote from Apple API documentation:
Note: Although ATS is unenforced for connection to local hosts, Apple strongly recommends using Transport Layer Security (TLS) for any local connection, along with the use of a self-signed certificate to validate the local IP address. I dunno about the "ATS is unenforced for connection to local hosts" bit – it sure enforces itself when I try it. (I'm still on El Capitan) But ATS is fine-tunable, with lots of options in info.plist, and Apple might just approve for the App Store a tight enough setup that allows J to receive http, not https. But there's something absurdly simple I want to try first – it sounds so silly I don't want to talk about it until I've got it to work – or not. On Sat, Apr 8, 2017 at 1:44 AM, bill lam <[email protected]> wrote: > Even if jhs can act as a https server, users still need to install a self > hosted ssl certificate by themselves. This is nontrivial for most end > users. > > On 8 Apr, 2017 6:30 am, "Ian Clark" <[email protected]> wrote: > > > That's too difficult, for an App Store app that aims to use JHS > > out-of-the-box, for installation by non-savvy users. > > > > I was afraid that was the case. Effectively I've hit a glass ceiling and > > can take my experiments no further, at least not down a commercial > route. I > > shall write them up and publish them on jwiki for experimenters, against > > the day when things may change. And turn to other things. > > > > On Fri, Apr 7, 2017 at 11:19 PM, Raul Miller <[email protected]> > > wrote: > > > > > Not directly. > > > > > > You can put a proxy web server in front of it, to serve https. > > > > > > But, currently, there's no implementation of https encryption in J, > > > which is what you would need to implement this without proxying. > > > > > > (That said, note that the guidelines for certificate management tend > > > towards things like requiring someone to manually start it up - > > > entering a password to decrypt the certificate, or something along > > > that line. Most people ignore this issue or simply are not aware of > > > it.) > > > > > > Thanks, > > > > > > -- > > > Raul > > > > > > > > > On Fri, Apr 7, 2017 at 6:15 PM, Ian Clark <[email protected]> > wrote: > > > > Can JHS be configured to connect via https instead of http? > > > > > > > > If the answer's "no", why do I want it? -- > > > > > > > > I'm writing Apple apps using Xcode + Swift which communicate with JHS > > > used > > > > as a local server. I have some working prototypes and I'm about to > > offer > > > > these as betas. > > > > > > > > Apple have brought in something called App Transport Security (ATS) > > > which, > > > > put simply, deliberately makes life difficult if the client insists > on > > > > using http:// instead of https:// to connect with the server. Even > > over > > > an > > > > SSH "tunnel" on the same machine. > > > > > > > > ATS can be overridden (as I have been doing), but only as a temporary > > > > expedient (says Apple), and the resulting app will not get accepted > for > > > > sale on App Store. > > > > ------------------------------------------------------------ > ---------- > > > > For information about J forums see http://www.jsoftware.com/ > forums.htm > > > ---------------------------------------------------------------------- > > > For information about J forums see http://www.jsoftware.com/forums.htm > > ---------------------------------------------------------------------- > > For information about J forums see http://www.jsoftware.com/forums.htm > ---------------------------------------------------------------------- > For information about J forums see http://www.jsoftware.com/forums.htm > ---------------------------------------------------------------------- For information about J forums see http://www.jsoftware.com/forums.htm
