Add a note about SSL security

Explain the expiry date and resolution for SSL certificate pinning
saltedge · Aug 8, 2016 · 1dfb540 · 1dfb540
1 parent 5c4ece2
commit 1dfb540
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -270,6 +270,10 @@ Set up the `clientId`, `appSecret` and `customerIdentifier` constants to your Cl
 
 The current version of the SDK is [3.1.1](https://github.com/saltedge/saltedge-ios/releases/tag/v3.1.1), and is in compliance with the Salt Edge API's [current version](https://docs.saltedge.com/guides/versioning/). Any backward-incompatible changes in the API will result in changes to the SDK.
 
+## Security
+
+Starting with the [3.1.0](https://github.com/saltedge/saltedge-ios/releases/tag/v3.1.0) release, the SDK enables SSL pinning. That means that every API request that originates in `SEAPIRequestManager` will have SSL certificate validation. The current Salt Edge SSL certificate will expire on 1st of May 2018, meaning that it will be renewed in the first week of April 2018. Following the SSL certificate renewal, the SDK will be updated to use the new certificate for SSL pinning. As a result of that, usage of older versions of the SDK will not be possible since every request will fail because of the old SSL certificate. Salt Edge clients will be notified about this and there will be enough time in order to update the apps to the newer version of the SDK.
+
 ## License
 
 See the LICENSE file.