Closed whiteHatCip closed 9 months ago
Telegram doesn't use TLS for encryption and instead uses MTProto protocol to transfer encrypted data. HTTP is used only as a transport for the encrypted data and doesn't impose any security issues for Telegram. As you mentioned in the issue description, you can acknowledge that the requests are secure by adding to NSExceptionDomains
all IP addresses from https://github.com/tdlib/td/blob/d963044eb9b8bb075e3f63b8bfd8da735c4c37d9/td/telegram/net/ConnectionCreator.cpp#L1232-L1252
@levlam thank you for your kind and quick reply. I thought that this was not going to be a security issue since everything is encrypted before transferring data. What I am more concerned about is the fact that I will be uploading my application to the AppStore and remember that Apple is quite strict about the security policy for secure loads.
Do you know if using http requests with exception domains will prevent the application from being accepted? I understand that this is not a concern of TDLib's, but maybe you can help me anyway. Thanks again!
Apple's documentation doesn't mention that whitelisting of specific domains requires special approvement. That's all I know.
Hi, I am new to TDLib and TDLibKit. I've been digging into these libraries for just a couple weeks so far and everything seems to be quite fine except for one thing:
When I run the application, I create a tdlibclient instance and in the update handler I run the setTdLibParameters function. Once done, I keep getting these warnings for insecure http requests:
I noticed that there's these two lines in TDLib's
ConnectionCreator.cpp
file, @ line 682Could this be the reason why on watchOS the requests are using the http protocol, in place of https?
Maybe this is something to ask on the TDLib issues directly?
This is annoying because in order to be able to get the connection to telegram servers to work, I need to set domain exceptions for the url that TDLib uses to make requests.
I will really appreciate any insight on this matter. Thank you in advance.