SecureTransport PSK Support for TLS

We have successfully deployed our Qt C++ application on Windows and Android using OpenSSL with TLS Pre-Shared Key (PSK) authentication to connect to our servers.

However, I understand that apps submitted to the App Store must use SecureTransport as the TLS backend on iOS. My understanding is that SecureTransport does not support PSK ciphersuites, which is critical for our security architecture.

Questions:

  1. Does SecureTransport support TLS PSK authentication, or are there plans to add this feature?

  2. If PSK is not supported, what is Apple's recommended alternative for applications that require PSK-based authentication?

  3. Is there an approved exception process that would allow me to use OpenSSL for TLS connections on iOS while still complying with App Store guidelines?

The application requires PSK for secure communication with our infrastructure, and we need guidance on how to maintain feature parity across all platforms while meeting App Store requirements.

Thanks for the post. I do not know anything about Qt.

But if you ever decide to write native iOS code, Network.framework does support TLS PSK.

https://support.apple.com/guide/security/tls-security-sec100a75d12/web

This is a question for Quinn, as he is definitely an expert on that. I would recommend reading his post: https://developer.apple.com/forums/thread/67493

And I’m sure he is going to jump into this thread to provide his expert knowledge.

You are completely free to compile OpenSSL for iOS (arm64) and statically link it into your Qt application, last time I was looking into that. The only thing I can think of that will be tricky is that, because you are bundling your own cryptography (OpenSSL), when you submit your app to App Store Connect, you must answer Yes to the question asking if your app uses encryption. But it's been a while since then and maybe the process has changed?

Albert Pascual
  Worldwide Developer Relations.
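
The Network.framework route mentioned in the reply above, as an added example that is not part of the original thread or anyone's posted code: a native client that configures a TLS pre-shared key. The helper names, host, port and the idea of loading the key from the Keychain are assumptions for illustration.

```swift
import Foundation
import Network
import Security

// Hypothetical helper (not from the thread): TLS parameters that authenticate
// the connection with a pre-shared key instead of a certificate.
func makePSKParameters(psk: Data, identity: Data) -> NWParameters {
    let tls = NWProtocolTLS.Options()
    let sec = tls.securityProtocolOptions

    // The sec_protocol_options API takes dispatch data, so bridge from Data.
    let pskData = psk.withUnsafeBytes { DispatchData(bytes: $0) }
    let identityData = identity.withUnsafeBytes { DispatchData(bytes: $0) }
    sec_protocol_options_add_pre_shared_key(sec,
                                            pskData as __DispatchData,
                                            identityData as __DispatchData)

    // A PSK cipher suite has to be offered explicitly; this one is a TLS 1.2 suite.
    // The server must be configured with the same key, identity and suite.
    sec_protocol_options_append_tls_ciphersuite(
        sec, tls_ciphersuite_t(rawValue: UInt16(TLS_PSK_WITH_AES_128_GCM_SHA256))!)

    return NWParameters(tls: tls)
}

// Hypothetical usage. The caller supplies the key, e.g. read from the Keychain
// at runtime; do not compile the key into the app binary.
func connectWithPSK(psk: Data, identity: Data) -> NWConnection {
    let params = makePSKParameters(psk: psk, identity: identity)
    // Constructed placeholder endpoint.
    let connection = NWConnection(host: "psk.example.com", port: 4433, using: params)
    connection.stateUpdateHandler = { state in
        switch state {
        case .ready:
            print("TLS-PSK handshake completed")
        case .waiting(let error), .failed(let error):
            // A key, identity or cipher suite mismatch surfaces here as a TLS error.
            print("connection not established: \(error)")
        default:
            break
        }
    }
    connection.start(queue: .main)
    return connection
}
```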
