Tags: ios, app-transport-security

Support of HTTP calls and ATS at the same time


I am working on an app in which the user can enter an arbitrary URL to which my app can connect. The target server can be HTTP or HTTPS. I have added the following value to my application's Info.plist.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

With the above configuration, HTTP calls and secure servers work fine even if a secure-server requirement is missing, i.e. TLS 1.2, forward secrecy, etc.

I want to make sure that my secure server meets all the requirements mentioned in the iOS documentation, i.e. TLS 1.2 and forward secrecy, and that my request fails if anything is missing on my secure server. I have used the following configuration, and the request fails if my server is not correctly configured for the SSL requirements (TLS 1.2, forward secrecy).

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <false/>
</dict>

After using the above configuration I am not able to connect to an HTTP server. Is there any way that I can connect to an HTTP server and have the request fail if a secure server is not correctly configured?

Note: My app can connect to any server entered by the user. I cannot use the NSExceptionDomains configuration to specify servers.


Solution

  • NSExceptionDomains isn't just for allowing less secure settings on certain domains; you can also use it for the opposite case, for example allowing arbitrary loads by default like you did, then adding exceptions that require more secure settings:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>example.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <false/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
            </dict>
        </dict>
    </dict>
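To see how the exception dictionary above interacts with NSAllowsArbitraryLoads without building the app, here is an added example (written for this page; it is not part of the answer and not Apple's code): a Python model of the documented ATS rules that parses the plist and reports, for a user-entered URL and what the server negotiated, whether ATS would allow the load. The function names, the TLS_ORDER table and the longest-match tie-break between overlapping exception entries are this example's own assumptions; the sample URLs and handshake outcomes are constructed.

```python
"""Model of App Transport Security (ATS) policy selection.

Added example for this page, not code from the question, the answer or Apple: it
parses an NSAppTransportSecurity dictionary and applies the documented ATS rules,
so the effect of "arbitrary loads plus a strict exception domain" can be checked offline.
"""
import plistlib
from dataclasses import dataclass
from typing import Optional, Tuple
from urllib.parse import urlparse

# Constructed Info.plist carrying the configuration from the answer above.
INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>example.com</key>
      <dict>
        <key>NSIncludesSubdomains</key>
        <true/>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <false/>
        <key>NSExceptionMinimumTLSVersion</key>
        <string>TLSv1.2</string>
        <key>NSExceptionRequiresForwardSecrecy</key>
        <true/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>
"""

# Ordering used to compare a negotiated protocol against NSExceptionMinimumTLSVersion.
TLS_ORDER = {"TLSv1.0": 0, "TLSv1.1": 1, "TLSv1.2": 2, "TLSv1.3": 3}


@dataclass(frozen=True)
class Policy:
    allows_http: bool
    min_tls: Optional[str]  # None: ATS imposes no TLS minimum (arbitrary loads)
    requires_forward_secrecy: bool


def load_ats(plist_bytes: bytes) -> dict:
    """Return the NSAppTransportSecurity dictionary from an Info.plist."""
    return plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})


def policy_for_host(ats: dict, host: str) -> Policy:
    """Pick the ATS policy for one host: an NSExceptionDomains entry matching it
    exactly (or as a subdomain when NSIncludesSubdomains is true) wins, with
    unspecified keys taking ATS's strict defaults; otherwise NSAllowsArbitraryLoads
    decides. Longest match winning is this model's assumption, not documented."""
    host = host.lower().rstrip(".")
    best: Optional[Tuple[str, dict]] = None
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        d = domain.lower().rstrip(".")
        # Subdomain matching is on a dot boundary: "notexample.com" must not match.
        matches = host == d or (rules.get("NSIncludesSubdomains", False) and host.endswith("." + d))
        if matches and (best is None or len(d) > len(best[0])):
            best = (d, rules)
    if best is not None:
        rules = best[1]
        return Policy(allows_http=bool(rules.get("NSExceptionAllowsInsecureHTTPLoads", False)),
                      min_tls=rules.get("NSExceptionMinimumTLSVersion", "TLSv1.2"),
                      requires_forward_secrecy=bool(rules.get("NSExceptionRequiresForwardSecrecy", True)))
    if ats.get("NSAllowsArbitraryLoads", False):
        return Policy(allows_http=True, min_tls=None, requires_forward_secrecy=False)
    return Policy(allows_http=False, min_tls="TLSv1.2", requires_forward_secrecy=True)


def ats_allows(ats: dict, url: str, server_tls: Optional[str] = None,
               server_forward_secrecy: bool = False) -> Tuple[bool, str]:
    """Decide whether ATS lets a connection to `url` proceed, given what the
    server negotiated (`server_tls`, e.g. "TLSv1.0", and whether the cipher
    suite provides forward secrecy). Returns (allowed, reason)."""
    parts = urlparse(url)
    policy = policy_for_host(ats, parts.hostname or "")
    if parts.scheme == "http":
        return policy.allows_http, "cleartext HTTP " + ("permitted" if policy.allows_http else "blocked")
    if parts.scheme != "https":
        return False, f"unsupported scheme {parts.scheme!r}"
    if policy.min_tls is not None and TLS_ORDER.get(server_tls or "", -1) < TLS_ORDER[policy.min_tls]:
        return False, f"server negotiated {server_tls}, policy requires {policy.min_tls}"
    if policy.requires_forward_secrecy and not server_forward_secrecy:
        return False, "cipher suite lacks forward secrecy"
    return True, "meets ATS policy"


ATS = load_ats(INFO_PLIST)

if __name__ == "__main__":
    # Constructed scenarios: user-entered URL plus what the server offered.
    for url, tls, fs in [("http://other.test/", None, False), ("http://example.com/", None, False),
                         ("https://api.example.com/", "TLSv1.0", True),
                         ("https://api.example.com/", "TLSv1.2", True)]:
        ok, why = ats_allows(ATS, url, tls, fs)
        print(f"{'ALLOW' if ok else 'BLOCK'} {url:26} {why}")
```

Run stand-alone it prints the verdict for the constructed URLs; the cases worth noticing are that http://example.com and http://api.example.com are blocked while http://other.test still loads, which is the split the question asks for, and that notexample.com does not inherit the rule because subdomain matching stops at a dot boundary. For a live server, the real ATS verdict can be checked from a Mac with `nscurl --ats-diagnostics --verbose https://your-host`, which tries the default ATS policy and each documented exception combination in turn.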