How to Enforce SSL TLS Cipher Suites, Android & iOS Apps

Learn the 3 Easy Steps to Enforce SSL TLS Cipher Suites in Android & iOS Apps to ensure that TLS certs have not been tampered with – No Code, No SDK, Continuous Security

What Are TLS Cipher-Suites and How Are They Used to Protect Mobile Apps?

The TLS/SSL protocol has been around for a very long time, and it supports a wide range of cryptographic algorithms for establishing a secure communication channel and communicating over it.

The protocol still supports some cryptographic algorithms that are now considered outdated, and it is not uncommon for some servers to have outdated configurations.

The reason these algorithms were deemed inadequate is twofold:

Some algorithms were proven to have weaknesses.
With the increase in available computing power, some algorithms have become susceptible to brute-force attacks.

So, for example, you might only want to allow connections where:

The key is established via Elliptic Curve Diffie-Hellman (ECDH)
The Digital Signature Algorithms (DSA) are done with Elliptic Curves (ECDSA)
The channel is encrypted using Galois Counter Mode (GCM) where the block encryption is AES with a key size of 256 (AES256)
The hash can only be SHA384

For these reasons, many organizations seek to enforce a limitation on allowed cipher suites used in their software. e.g. NIAP’s section on cryptographic support (FCS).

In addition, it is not uncommon for attackers to intentionally impersonate servers or weaken their parameters in order to make secure channels not-so-secure anymore.

Implementing and especially maintaining such measures is a difficult task. Sometimes the source code is not available, and more often the services are on uncontrolled endpoints.

Appdome is a no-code mobile app security platform designed to add security features, like Enforce Cipher Suites to Android and iOS apps without coding. This KB shows mobile developers, DevSec and security professionals how to use Appdome’s simple ‘click to build’ user interface to quickly and easily protect mobile data in transit.

3 Easy Steps to Enforce SSL TLS Cipher Suites, Android & iOS Apps

Follow these step-by-step instructions to Enforce TLS Cipher Suites in mobile apps:

Upload an Android or iOS App to Appdome’s no code security platform (.apk, .aab, or .ipa)
Under Build, Click Security, then Secure Communications, switch ON Trusted Session, Expand Session Management, switch ON Enforce Cipher Suites
- Click Choose File and upload your list of allowed cipher suites. If you don’t already have such a file, you can use this template and remove any cipher-suite you want to disallow.
- (optional) Enable Threat Events to configure this security alert on your app.
Click Build My App

Congratulations! When app is now secured with Enforce Cipher Suites.
enforce tls cipher suites

Prerequisites for using TLS Cipher Suite Enforcement

Appdome account. If you don’t already have an account, you can sign up for free.
Mobile App (.ipa for iOS, or .apk or .aab for Android)
Signing Credentials (e.g., signing certificates and provisioning profile)
A list of allowed cipher suites, or use above template.

How To Learn More?

Check this document about cipher-suites from OpenSSL.org.

If you are interested in limiting other aspects of TLS, you should check out how you can Enforce Certificate Roles or Enforce TLS Version.

To zoom out on this topic, visit Appdome for Mobile App Security.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Dany Zatuchna