Xing API SSL error

64 Views Asked by At

I am using the url for request token from xing in my ios app. If I am using NSAppTransportSecurity exception, then the link is working. But when I remove it is showing ATS error even though the url is https.

1

There are 1 best solutions below

0
On BEST ANSWER

It looks like the api.xing.com server does not support forward secrecy (see here), one of the requirements for ATS. Fortunately, you can add a domain exception for the xing.com domain, with the NSIncludesSubdomains key set to YES, and the NSThirdPartyExceptionRequiresForwardSecrecy key set to NO as shown here: enter image description here

This should solve the problem, and shouldn't cause problems with Apple when you submit, because the Forward Secrecy exception is one of the ones that will not trigger the need for additional justification when Apple starts enforcing stricter ATS requirements this year (the deadline was originally 12/31/2016, but Apple has extended the deadline to some future unknown date)