
iOS9 what does NSAppTransportSecurity actually mean in relation to https traffic?


iOS9 has a new setting for the info.plist, called NSAppTransportSecurity. So far I've been unable to find the configuration that will allow me to connect to my https web service. As a workaround, I have the following lines in my plist:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

I'm trying to understand what NSAppTransportSecurity actually means or does. I'm looking at this technical note by Apple, and it's not quite clear:

All connections using the NSURLConnection, CFURL, or NSURLSession APIs use App Transport Security default behavior in apps built for iOS 9.0 or later, and OS X 10.11 or later. Connections that do not follow the requirements will fail.

Is NSAppTransportSecurity just a configuration safeguard that will block TLS less than 1.2, or does it actually apply some special kind of transport security to web connections?


Solution

  • Opting out using NSAllowsArbitraryLoads will not disable https. It will simply stop blocking non-secure connections such as http and https with TLS less than 1.2.

    You must handle this in all apps that run on iOS9.