Swift Weak TLS Configuration

Description

Identifies weak TLS (Transport Layer Security) configurations in Swift applications that could lead to insecure communications. Weak TLS settings can expose applications to man-in-the-middle attacks and data interception by allowing insecure protocols or cipher suites.

Weakness:

016 - Insecure encryption algorithm - SSL/TLS

Category: Information Collection

Detection Strategy

    Search for TLS configuration settings through variable assignments (e.g., configuration properties being set)

    Identify method calls that configure TLS settings with potentially insecure parameters

    Check if the TLS configuration allows deprecated protocols or weak cipher suites

    Flag any explicit disabling of certificate validation or use of insecure TLS versions
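
The version-assignment check from the strategy above, as an added Python example (not the scanner's own rule code). The function name `find_weak_tls`, the list of values treated as weak and the sample Swift source are assumptions made for this illustration; block comments, cipher suites and certificate-validation checks are not covered.

```python
import re

# Assumption for this example: any protocol version below TLS 1.2 is weak.
WEAK_VALUES = {
    "TLSv10", "TLSv11", "DTLSv10",            # tls_protocol_version_t cases
    "sslProtocol2", "sslProtocol3",           # legacy SSLProtocol cases
    "tlsProtocol1", "tlsProtocol11",
}

# Matches assignments such as `config.tlsMinimumSupportedProtocolVersion = .TLSv11`
# and the legacy form `config.tlsMinimumSupportedProtocol = SSLProtocol.tlsProtocol1`.
ASSIGN = re.compile(
    r"\.(tlsM(?:in|ax)imumSupportedProtocol(?:Version)?)\s*=\s*"
    r"(?:[A-Za-z_]\w*)?\.(\w+)"
)

def find_weak_tls(source):
    """Return (line_number, property, value) for each weak TLS version assignment."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]  # drop line comments so dead code is not flagged
        for prop, value in ASSIGN.findall(code):
            if value in WEAK_VALUES:
                findings.append((lineno, prop, value))
    return findings

# Constructed sample input, modelled on the two snippets on this page.
SAMPLE = '''import Foundation

func configureSessions() {
    let weak = URLSessionConfiguration.default
    weak.tlsMinimumSupportedProtocolVersion = .TLSv11
    let legacy = URLSessionConfiguration.ephemeral
    legacy.tlsMinimumSupportedProtocol = SSLProtocol.tlsProtocol1
    let strong = URLSessionConfiguration.default
    strong.tlsMinimumSupportedProtocolVersion = .TLSv13
    // strong.tlsMinimumSupportedProtocolVersion = .TLSv10
}
'''

if __name__ == "__main__":
    for lineno, prop, value in find_weak_tls(SAMPLE):
        print(f"line {lineno}: {prop} = .{value} allows a protocol below TLS 1.2")
```

The commented-out assignment and the TLS 1.3 assignment in the sample are not reported; only the two live assignments below TLS 1.2 are.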

Vulnerable code example

import Foundation

func configureInsecureSession() {
    let config = URLSessionConfiguration.default
    
    // VULNERABLE: Explicitly sets minimum TLS version to an outdated protocol (TLS 1.1)
    config.tlsMinimumSupportedProtocolVersion = .TLSv11
    // ...
}

✅ Secure code example

import Foundation

func configureSecureSession() {
    let config = URLSessionConfiguration.default
    
    // SECURE: Sets the minimum TLS version to 1.3, which provides the strongest security
    config.tlsMinimumSupportedProtocolVersion = .TLSv13
    // ...
}