Skip to content
This repository has been archived by the owner on Nov 6, 2021. It is now read-only.

ditch CKHTTPConnection? #29

Closed
jcs opened this issue Jan 10, 2017 · 1 comment
Closed

ditch CKHTTPConnection? #29

jcs opened this issue Jan 10, 2017 · 1 comment

Comments

@jcs
Copy link
Owner

jcs commented Jan 10, 2017

Bugs like #28 are hard to debug, and now that SSL 2/3 is no longer allowed in iOS 10 anyway, CKHTTPConnection is doing less but still getting in the way.

Things that CKHTTPConnection does that would be lost:

  • Forcing TLS 1.2 instead of 1.1 or 1.0
  • TLS cipher suite selection
  • Passing TLS negotiated protocol and cipher info to the SSLCertificate that gets passed up to the WebViewTab, which is visible to the user when viewing the certificate

Things that it does that can still be done elsewhere:

  • Javascript injection can be done via NSURLConnection in connection:didReceiveData:
  • TLS certificate processing (and HPKP in support HPKP #25) can be done in connection:willSendRequestForAuthenticationChallenge:
  • HTTP keep-alive would be done by default, I believe
  • HTTP authentication should still be possible in connection:willSendRequestForAuthenticationChallenge:

An alternative would be to use NSURLConnection for most things but any hosts with a HostSettings for specifying TLS or a new setting for limited ciphers could use CKHTTPConnection.
@jcs
Copy link
Owner Author

jcs commented Jan 13, 2017

Maybe not...

@jcs jcs closed this as completed Jan 13, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jcs