Skip to main content

Network Security

If you have ever gathered connection metrics using URLSessionTaskTransactionMetrics then you may have noticed that this year Apple has now exposed a few TLS properties to the public API.  The first is negotiatedTLSCipherSuite and the next negotiatedTLSCipherSuite.  The reason this is interesting is that these values seem to have been around since iOS 7, but now are being released in the Security framework in the new iOS 13 beta.  These properties will be very useful for connection diagnostics

Now the Google I/O’ 19 is officially in the books I wanted to do a short overview on some of the interesting Android Encryption updates announced at this years event.

As a long time mobile and server side engineer I have been involved in many different types of projects over the years.  Some small, and some large, but all with one recurring trend; the mobile clients need to consume data from a server to perform a task.  Sometimes this data being consumed is small, and other times the application needs to continuously poll or be notified of new data to keep the application up to date it real time.

OpenSSL 1.1.1 LTS
Featured Post

On September 11th, 2018 the OpenSSL team released a Long Term Support (LTS) version (1.1.1) of OpenSSL which will be supported by the community and the core team for the next five years.  This LTS release includes many new features such as TLS 1.3, ABI version compatibility, new cryptography algorithms, and an overhaul in many areas to the random number generators included in OpenSSL.

Python just received a minor version update to Python 3.7 with many new performance enhancements, added features, and module improvements to the language.   One of the existing Python modules in 3.7 that received some nice new enhancements is the ssl module.

In the last couple of months I have found myself in situations where I have needed to diagnose transport security issues from from the context of an iOS application.  This often can be difficult from the client side perspective as you may not know anything about the minimum TLS version, preferred cipher suite, or the certificate in use on the server.  Often, the best move you have, if you do not have a direct line to the server side team, is to test different settings to diagnose what works and what does not.