1

I got this email from Amazon saying that some of my apps use SSL to access S3 buckets. After I contacted their support, they gave me a list of clients, which points to my iOS app running on iOS 7/8. I use AWS iOS SDK version 1.7.1.

The first thought that came to my mind was obviously to update the SDK to the latest. That cost quite some effort due to the major differences between 1.x and 2.x of the SDK. After that, I tested with the simulator pointing to their testing endpoint with SSL disabled. It worked, great!

But tonight I did some reading on the AWS forum; in one thread, AWS claimed that all versions of their iOS SDK support TLS... Things simply do not add up.

Can anybody think of a reasonable explanation for this? If it is not the SDK, and I obviously never altered the SDK in any way, what caused SSL accesses to show up on their report?

Peter Pei Guo

1 Answer

1

If you have not modified the SDK or implemented NSURLConnection's authentication-related delegates to manipulate the security model, a proxy can be a potential cause.

Some of the mobile devices may be behind a proxy, and it prevents proper TLS negotiation. You may need to identify which mobile devices are using SSL and see if there are any common network components between them and the AWS service.

Yosuke
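One way to run the check the answer suggests, as an added example that is not part of the original answer: group the reported clients by source network and by client build, and see which grouping the SSL connections follow. The record layout (source IP, user agent, negotiated protocol), the sample values and the function names are assumptions made for illustration, not the format of Amazon's report.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records: (source IP, user agent, negotiated protocol).
# The layout is assumed; adapt the tuple order to the report you receive.
SAMPLE = [
    ("203.0.113.10", "aws-sdk-iOS/1.7.1 iOS/7.1", "SSLv3"),
    ("203.0.113.27", "aws-sdk-iOS/1.7.1 iOS/8.1", "SSLv3"),
    ("203.0.113.99", "aws-sdk-iOS/1.7.1 iOS/8.3", "SSLv3"),
    ("198.51.100.4", "aws-sdk-iOS/1.7.1 iOS/7.1", "TLSv1.0"),
    ("198.51.100.8", "aws-sdk-iOS/1.7.1 iOS/8.1", "TLSv1.2"),
    ("198.51.100.9", "aws-sdk-iOS/1.7.1 iOS/8.3", "TLSv1.2"),
    ("192.0.2.15", "aws-sdk-iOS/1.7.1 iOS/7.1", "TLSv1.0"),
    ("192.0.2.16", "aws-sdk-iOS/1.7.1 iOS/8.1", "TLSv1.2"),
]


def by_network(rec, prefix=24):
    """Group key: the IPv4 network the request arrived from."""
    return str(ipaddress.ip_network(f"{rec[0]}/{prefix}", strict=False))


def by_client(rec):
    """Group key: the SDK/OS build reported in the user agent."""
    return rec[1]


def legacy_share(records, key, legacy=("SSLv3",)):
    """Return {group: (legacy_requests, total_requests)}."""
    counts = defaultdict(lambda: [0, 0])
    for rec in records:
        group = key(rec)
        counts[group][1] += 1
        if rec[2] in legacy:
            counts[group][0] += 1
    return {group: tuple(c) for group, c in counts.items()}


def suspect_groups(records, key, min_requests=3, threshold=0.9):
    """Groups in which nearly every request used a legacy protocol."""
    shares = legacy_share(records, key)
    return sorted(g for g, (bad, total) in shares.items()
                  if total >= min_requests and bad / total >= threshold)


if __name__ == "__main__":
    print("networks:", suspect_groups(SAMPLE, by_network))
    print("clients: ", suspect_groups(SAMPLE, by_client))
```

If the SSL connections cluster on a network while the same client builds negotiate TLS elsewhere, a component on that network path is the more likely cause; if they cluster on one client build across many networks, look at the app or SDK instead.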