Thursday, 29 January 2015

Certificate Pinning in iOS to avoid man-in-the-middle attack

Is there a best way to do certificate pinning in iOS to avoid a man-in-the-middle attack? Or is there any substitute approach that Apple provides to make a secure connection?

Currently I'm using a certificate pinning approach where either I have to store the .der file in my app to compare with the server certificate or, as option 2, do SHA1 or MD5 validation. But in this case the app needs regular updates whenever those certificates change.

Is there any other concrete approach that Apple provides for SSL/TLS validation? Any demo code sample will be helpful.

Thanks in advance
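The first approach described in the question (a .der file stored in the app and compared with the server certificate), as an added Swift example that is not part of the original post. The class name `PinnedSessionDelegate` and the resource names are hypothetical, and accepting more than one bundled certificate, so a replacement can ship before the server certificate changes, is an assumption rather than something the post describes.

```swift
import Foundation
import Security

// Hypothetical delegate: accepts a server only if its leaf certificate is
// byte-identical to one of the .der files bundled with the app.
// SecTrustEvaluateWithError needs iOS 12+, SecTrustCopyCertificateChain iOS 15+.
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    private let pinned: Set<Data>

    // names: resource names of bundled .der files (assumed: current + next).
    init(derResourceNames names: [String], bundle: Bundle = .main) {
        pinned = Set(names.compactMap { name -> Data? in
            guard let url = bundle.url(forResource: name, withExtension: "der") else { return nil }
            return try? Data(contentsOf: url)
        })
        super.init()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = space.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Step 1: normal chain and hostname validation must still pass.
        // Step 2: the leaf certificate (first in the chain) must match a bundled copy.
        // An empty pin set (missing resources) fails closed.
        var error: CFError?
        guard !pinned.isEmpty,
              SecTrustEvaluateWithError(trust, &error),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              pinned.contains(SecCertificateCopyData(leaf) as Data) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}

// Usage (resource names are constructed placeholders):
let delegate = PinnedSessionDelegate(derResourceNames: ["server-current", "server-next"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```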
