Learn the 3 Easy Steps to Enforce SSL/TLS Cipher Suites in Android & iOS Apps to ensure that TLS certs have not been tampered with – No Code, No SDK, Continuous Security
The TLS/SSL protocol has been around for a very long time, and it supports a wide range of cryptographic algorithms for establishing a secure communication channel and communicating over it.
The protocol still supports some cryptographic algorithms that are now considered outdated, and it is not uncommon for some servers to have outdated configurations.
The reason these algorithms were deemed inadequate is twofold:
So, for example, you might only want to allow connections where:
For these reasons, many organizations seek to restrict the cipher suites their software is allowed to use; see, e.g., NIAP’s section on cryptographic support (FCS).
In addition, it is not uncommon for attackers to intentionally impersonate servers or weaken their parameters in order to make secure channels not-so-secure anymore.
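For comparison, this is what client-side cipher suite enforcement looks like when written by hand with Python's `ssl` module and an OpenSSL cipher string. It is an added example, not Appdome's implementation or code from this page, and the policy it encodes (TLS 1.2 or later, ECDHE key exchange, AEAD ciphers) and all names in it are assumptions chosen for illustration.

```python
import ssl

# Assumed policy for illustration (not taken from the page): TLS 1.2+ only,
# ephemeral ECDHE key exchange, AEAD ciphers. Uses OpenSSL cipher-string syntax.
POLICY_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"
WEAK_MARKERS = ("NULL", "EXPORT", "RC4", "3DES", "DES-CBC", "MD5", "ANON", "ADH", "AECDH")
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")

def build_client_context():
    """Client context that only offers suites matching POLICY_CIPHERS."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(POLICY_CIPHERS)  # raises ssl.SSLError if nothing matches
    return ctx

def suite_allowed(name, protocol):
    """Check a suite (OpenSSL name) and protocol version against the policy."""
    upper = name.upper()
    if protocol not in ("TLSv1.2", "TLSv1.3"):
        return False
    if any(marker in upper for marker in WEAK_MARKERS):
        return False
    aead = any(marker in upper for marker in AEAD_MARKERS)
    if protocol == "TLSv1.3":
        return aead  # TLS 1.3 suites always use ephemeral key exchange
    return aead and upper.startswith("ECDHE-")

def audit_context(ctx):
    """Return enabled suites that violate the policy (expected: empty list)."""
    return [c["name"] for c in ctx.get_ciphers()
            if not suite_allowed(c["name"], c["protocol"])]

def check_connection(sock):
    """Post-handshake check on an ssl.SSLSocket; fails closed on a violation."""
    negotiated = sock.cipher()  # (name, protocol, secret_bits) or None
    if negotiated is None or not suite_allowed(negotiated[0], negotiated[1]):
        sock.close()
        raise ssl.SSLError(f"negotiated cipher suite violates policy: {negotiated}")
    return negotiated[0]
```

`set_ciphers` does not control TLS 1.3 suites in OpenSSL, which is why `audit_context` and `check_connection` evaluate them separately instead of relying on the cipher string alone.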
Implementing and especially maintaining such measures is a difficult task. Sometimes the source code is not available, and more often the services are on uncontrolled endpoints.
Appdome is a no-code mobile app security platform designed to add security features, like Enforce Cipher Suites, to Android and iOS apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily protect mobile data in transit.
Follow these step-by-step instructions to Enforce TLS Cipher Suites in mobile apps:
Congratulations! Your app is now secured with Enforce Cipher Suites.
Check this document about cipher-suites from OpenSSL.org.
If you are interested in limiting other aspects of TLS, you should check out how you can Enforce Certificate Roles or Enforce TLS Version.