CODEWITHSUNDEEP
ibm-mobilefirst
Sami
Sami

Reputation: 564

Enforcing TLS-secure connections in iOS apps MFP 7.1

I have configured my IHS to enable the server requirement for ATS as the following:

Worklight 6.2 iOS binary issue with MobileFirst 7.1

I build and complied my app using xCode 7.3 which adds the App transport security to plist.

The problem is when I follow this URL to do it as production configuration, I'm getting an error:

https://www.ibm.com/support/knowledgecenter/SSHSCD_7.1.0/com.ibm.worklight.dev.doc/dev/t_enforce_TLS.html

My plist config:

 <key>NSAppTransportSecurity</key>
    <dict>
        <key>protocol</key>
        <string>https</string>

        <key>port</key>
        <string>443</string> // since my connection through Datapower I'm putting 443
    </dict>

Error:

2016-06-07 11:58:09.011 ManulifeBankMobile[24781:382306] App Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
2016-06-07 11:58:09.047 ManulifeBankMobile[24781:382280] CFNetwork SSLHandshake failed (-9824)
2016-06-07 11:58:09.048 ManulifeBankMobile[24781:382280] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

The only configuration working is (But I don't need to do as it is insecure):

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

Am I missing something?

Upvotes: 0

Views: 78

Answers (1)

Idan Adar
Idan Adar

Reputation: 44516

It sounds like your worklight.plist is pointing to a HTTP host.

Make sure that the address for the MobileFirst Server in the worklight.plist file is not in HTTP.

Upvotes: 0

Related Questions