Titanium JIRA Archive
Titanium SDK/CLI (TIMOB)

[TIMOB-26959] iOS: Add TLS 1.3 support

GitHub Issuen/a
TypeNew Feature
PriorityNone
StatusClosed
ResolutionFixed
Resolution Date2020-08-03T21:04:12.000+0000
Affected Version/sn/a
Fix Version/sRelease 9.1.0
ComponentsiOS
LabelsHTTPClient, TLS, ios, network
ReporterJoshua Quick
AssigneeVijay Singh
Created2019-04-01T21:23:39.000+0000
Updated2020-08-03T21:04:12.000+0000

Description

*Summary:* We should add a new TLS_VERSION_1_3 constant to the Ti.Network module. We should also make sure TLS 1.3 is enabled by default when doing network communications via: * HTTPClient * Loading images via URLs. (ex: ImageView.image) * Module verification on app startup for non-production builds via "ti.verify". *Reasons:* * For parity when we do the same on Android. See: [TIMOB-26956] * So that devs can set a TLS version preference via [HTTPClient.tlsVersion](https://docs.appcelerator.com/platform/latest/#!/api/Titanium.Network.HTTPClient-property-tlsVersion). *Note:* Apple added TLS 1.3 support to iOS 11. https://developer.apple.com/documentation/security/sslprotocol/ktlsprotocol13?language=objc

Comments

  1. Joshua Quick 2019-04-01

    Please note that Android won't have official TLS 1.3 support until Android Q (aka: Android 10.0) is released. Please see: https://developer.android.com/preview/features#tls-1.3 But that doesn't mean we can't add it to iOS before Android. If we do this, then we may want to add the constant to Android anyways and have it no-op for TLS 1.3 until Titanium has official Android Q support.
  2. Kota Iguchi 2019-04-02

    This sounds to me we might want to implement new tlsVersion property onto Ti.Network.TCP too like below. 
       var socket = Ti.Network.Socket.createTCP({
       host: 'www.example.com',
       port: 80,
       tlsVersion: Ti.Network.TLS_VERSION_1_3
   });
  3. Kota Iguchi 2019-04-02

    FYI: I'm not sure if it really makes sense but I can see that each platform has API to deal with TLS version on socket/stream. - Android: [javax.net.ssl.SSLSocket.setEnabledProtocols](https://developer.android.com/reference/javax/net/ssl/SSLSocket.html#setEnabledProtocols) - iOS: [NSStreamSocketSecurityLevel on NSStream](https://developer.apple.com/documentation/foundation/nsstreamsocketsecuritylevel?language=objc|) - Windows: [Windows.Networking.Sockets.StreamSocket.ConnectAsync](https://docs.microsoft.com/en-us/uwp/api/windows.networking.sockets.streamsocket.connectasync#Windows_Networking_Sockets_StreamSocket_ConnectAsync_Windows_Networking_EndpointPair_Windows_Networking_Sockets_SocketProtectionLevel_)
  4. Eric Merriman 2019-08-22

    [~lchoudhary] We should set up a test of this
  5. Abir Mukherjee 2019-10-02

    [~ssekhri] can you please check this? If it's done, can you please comment? Thanks.
  6. Ygor Lemos 2019-10-29

    any chance on getting this back-ported to 8.3.X ?
  7. Joshua Quick 2019-10-29

    [~ygbr], I remember our test team doing a quick test on iOS 13 and we got TLS 1.3 for free. At least in a WebView. We didn't have to make any code changes. Try it with the below URL. https://ssllabs.com/ssltest/viewMyClient.html But we haven't done extensive testing yet. Nor tested it on older iOS versions to see what our options are. The team has been more focused on supporting iOS 13 in general.
  8. Vijay Singh 2020-05-29

    I tried to test it using Charles. It always uses TLS 1.2. In iOS, if one want to set some minimum TLS version, add following key can be set in tiapp.xml's plist section of iOS. Similar is explained [here](https://stackoverflow.com/questions/37320980/how-to-enable-tls-1-2-1-1-1-0-and-ssl-in-ios-app) - 
       <key>NSAppTransportSecurity</key>
   <dict>
        <key>NSExceptionDomains</key>
    <dict>
       <key>your.servers.domain.here</key>
       <dict>
           <key>NSExceptionMinimumTLSVersion</key>
           <string>TLSv1.0</string>
       </dict>
       </dict>
   </dict>
    [~ssekhri] Please verify it. Thanks! Test Case - 
       var win = Ti.UI.createWindow({
       backgroundColor: '#fff'
   });
   
   var btn = Ti.UI.createButton({
   	top: 100,
       title: 'Load'
   });
   
   btn.addEventListener('click', function() {
        var webView = Ti.UI.createWebView({
        	top: 150,
        	url: 'https://ssllabs.com/ssltest/viewMyClient.html' //'https://www.google.com'//
        });
   
        win.add(webView);
   
   	// const url = 'https://ssllabs.com/ssltest/viewMyClient.html';// "https://www.google.com"; //
   	// const client = Ti.Network.createHTTPClient({
   	//     onload: function(e) {
   	//         console.log("success");
   	//     },
   
   	//     onerror: function(e) {
   	//         console.error(e.error);
   	//     },
   	// });
   	// client.open("GET", url);
   	// client.send();
   });
   
   win.add(btn);
   win.open();
  9. Vijay Singh 2020-06-04

    PR - https://github.com/appcelerator/titanium_mobile/pull/11754
  10. Satyam Sekhri 2020-07-01

    FR Passed. Waiting for Jenkins build
  11. Christopher Williams 2020-07-06

    merged to master for 9.1.0 target
  12. Satyam Sekhri 2020-08-03

    Verified on: Mac OS: 10.15.4 SDK: 9.1.0.v20200727104531 Appc CLI: 8.1.0-master.7 JDK: 11.0.4 Node: 10.17.0 Studio: 6.0.0.202005141803 Xcode: 12.0 beta Device: iOS simulator 13.5, 12.2, 11.4

JSON Source