Swift

Made by DeepSource

Use of an insecure version of TLS protocol SW-S1002

Security
Critical
a02 a07 cwe-287 sans top 25 owasp top 10

Choosing secure TLS versions in your app is important because using outdated or vulnerable TLS versions can expose your app's communication to potential attacks. Malicious actors could take advantage of known vulnerabilities in these older TLS versions to intercept sensitive information, compromise user privacy, or perform other malicious actions.

TLS versions 1.0 and 1.1 have been found to have several vulnerabilities. To mitigate these security risks, the recommendation is to use more secure TLS versions, such as TLS 1.2 or the even more modern TLS 1.3, which address many of these vulnerabilities and provide stronger security guarantees.

To ensure that your app's network communication uses a secure TLS version, either set the version to TLSv1.3 or use the default options while creating the session object. To set the version explicitly, use the `tlsMinimumSupportedProtocolVersion` property of `URLSessionConfiguration`.

Bad Practice

let config = URLSessionConfiguration.default
// Using `TLSv10` is insecure
config.tlsMinimumSupportedProtocolVersion = tls_protocol_version_t.TLSv10

Recommended

let config = URLSessionConfiguration.default
// Explicitly set `tlsMinimumSupportedProtocolVersion` to `TLSv13`, or leave this option unset, since the defaults are secure
config.tlsMinimumSupportedProtocolVersion = tls_protocol_version_t.TLSv13
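
One way to keep call sites from reintroducing the bad practice is to create every session configuration through a single factory that validates the TLS floor. This is an added example, not DeepSource's code; `TLSPolicyError`, `isAcceptableMinimum` and `hardenedConfiguration` are hypothetical names, and it assumes an Apple platform where `tlsMinimumSupportedProtocolVersion` is available.

```swift
import Foundation
import Security

// Hypothetical error type for this example.
enum TLSPolicyError: Error {
    case insecureMinimum(tls_protocol_version_t)
}

// Only TLS 1.2 and TLS 1.3 pass. Everything else (TLS 1.0, TLS 1.1, DTLS,
// any value added in the future) is rejected, so the check fails closed.
func isAcceptableMinimum(_ version: tls_protocol_version_t) -> Bool {
    switch version {
    case .TLSv12, .TLSv13:
        return true
    default:
        return false
    }
}

// Builds a configuration whose minimum TLS version is set explicitly and
// validated first. Defaults to TLS 1.3, as recommended above.
func hardenedConfiguration(
    minimumTLS: tls_protocol_version_t = .TLSv13
) throws -> URLSessionConfiguration {
    guard isAcceptableMinimum(minimumTLS) else {
        throw TLSPolicyError.insecureMinimum(minimumTLS)
    }
    let config = URLSessionConfiguration.default
    config.tlsMinimumSupportedProtocolVersion = minimumTLS
    return config
}

do {
    // Accepted: the floor is TLS 1.3.
    let config = try hardenedConfiguration()
    let session = URLSession(configuration: config)
    print("floor is TLS 1.3:",
          session.configuration.tlsMinimumSupportedProtocolVersion == .TLSv13)

    // Rejected: asking for the "Bad Practice" value throws before any
    // session can be created with it.
    _ = try hardenedConfiguration(minimumTLS: .TLSv10)
} catch TLSPolicyError.insecureMinimum(let version) {
    print("rejected insecure TLS minimum, raw value 0x"
          + String(version.rawValue, radix: 16))
} catch {
    print("unexpected error: \(error)")
}
```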