NSRequiresCertificateTransparency

Discussion

Certificate Transparency (CT) is a protocol that ATS can use to identify mistakenly or maliciously issued X.509 certificates. Earlier versions of the system used this key to enable or disable CT for a given domain. Specifically, CT requires a domain’s server certificates to have support from signed CT timestamps from at least two CT logs trusted by Apple. For more information about Certificate Transparency, see RFC 6962.

The system now requires this behavior in all cases, making the key irrelevant.

See Also

Exceptions

• NSExceptionAllowsInsecureHTTPLoads
• NSExceptionMinimumTLSVersion
• NSExceptionRequiresForwardSecrecy
• NSExceptionRequiresNIAPTLSPackageVersion