Best way for verifying server compliance to Apple's ATS / TLS 1.2 requirement

So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning with iOS 9. Independent of the app, what's the best way to verify that a server meets all the requirements?

nscurl just outright doesn't work - or I don't know how to use it. My output simply repeatedly says CFNetwork SSLHandshake failed, even though I know the server is compliant.

TLSTool works to some extent but I cannot force the Forward Secrecy (FS) ciphers to be used.

openssl can specify specific cipher for the client mode, but the version I have doesn't have FS ciphers. How do I upgrade openssl?

What's the best way? So far I've had to use ssllabs.com's analyze.html. Any suggestions?

Hampden123 asked Dec 23 '15 22:12


1 Answer

Basically, nscurl --ats-diagnostics <url> just tries all possible variants of connection to the server and responds with PASS/FAIL results for each test. You should just find which tests pass for your server and set the ATS configuration accordingly.

Here's a good article on ATS and checking server compliance; it also contains an nscurl example.

Alex Skalozub answered Oct 10 '22 05:10