So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning with iOS 9. Independent of the app, what's the best way to verify that a server meets all the requirements?
nscurl just outright doesn't work - or I don't know how to use it. My output simply repeatedly says CFNetwork SSLHandshake failed, even though I know the server is compliant.
TLSTool works to some extent but I cannot force the Forward Secrecy (FS) ciphers to be used.
openssl can specify a specific cipher for the client mode, but the version I have doesn't have FS ciphers. How do I upgrade openssl?
What's the best way? So far I've had to use ssllabs.com's analyze.html. Any suggestions?
How to Enable TLS 1.2 and Disable Earlier Protocols in Opera 10–12. Press Ctrl+F12 (or Command+F12 on a Mac), or click the Opera menu and go to Settings→Preferences. Click on the Advanced tab, then Security in the left sidebar, then the Security Protocols button. Make sure that only Enable TLS 1.2 is checked.
iOS, iPadOS, and macOS support Transport Layer Security (TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3) and Datagram Transport Layer Security (DTLS). The TLS protocol supports both AES128 and AES256, and prefers cipher suites with forward secrecy.
On Apple platforms, a networking security feature called App Transport Security (ATS) improves privacy and data integrity for all apps and app extensions.
Click on "Preferences" and then click on the "Advanced" icon. Then click on the "Change Settings..." button. Click on the "Advanced" tab in the Internet Properties window and browse through the Settings section to make sure that the TLS checkbox is selected. Check the box if it is not and then click on the "OK" button.
Basically nscurl --ats-diagnostics <url>
just tries all possible variants of connection to the server and responds with PASS/FAIL results for each test. You should just find which tests pass for your server and set the ATS configuration accordingly.
Here's a good article on ATS and checking server compliance, it also contains an nscurl example.
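One way to run this check independently of the app and of the installed openssl command-line tool, as an added example that is not from the original posts: a Python client that offers only TLS 1.2+ with ECDHE suites, so a completed handshake shows the server can negotiate forward secrecy. The function names and the cipher string are this example's own assumptions, and it covers only the TLS version and forward secrecy points raised in the question.

```python
import socket
import ssl
import sys

# Assumption of this example: forward secrecy in TLS 1.2 is treated as an
# ECDHE key exchange; every TLS 1.3 suite already uses ephemeral keys.
FS_CIPHERS = "ECDHE+AESGCM:ECDHE+AES"


def fs_only_context():
    """Client context that can only negotiate TLS 1.2+ with ECDHE suites."""
    ctx = ssl.create_default_context()      # keeps certificate and hostname checks
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(FS_CIPHERS)             # filters TLS 1.2 suites; 1.3 suites stay
    return ctx


def meets_requirements(protocol, cipher_name):
    """Classify a negotiated (protocol, cipher) pair as reported by the ssl module."""
    if protocol == "TLSv1.3":
        return True
    return protocol == "TLSv1.2" and cipher_name.startswith("ECDHE-")


def probe(host, port=443, timeout=5.0):
    """Handshake with the FS-only context and report what was negotiated."""
    result = {"ok": False, "protocol": None, "cipher": None, "error": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with fs_only_context().wrap_socket(raw, server_hostname=host) as tls:
                name, _, _bits = tls.cipher()
                result.update(protocol=tls.version(), cipher=name)
                result["ok"] = meets_requirements(tls.version(), name)
    except (ssl.SSLError, OSError) as exc:
        # A handshake failure here means no TLS 1.2+/ECDHE suite was agreed,
        # or the certificate did not validate; the message says which.
        result["error"] = str(exc)
    return result


if __name__ == "__main__":
    for target in sys.argv[1:]:
        print(target, probe(target))
```

Run it with one or more hostnames as arguments; the suites on offer come from the OpenSSL build that Python links against, not from the openssl binary on the PATH.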