{ rené.winkelmeyer }

Update your SSL on servers to support TLS 1.2 BEFORE iOS 9 and OS X 10.11

Jul 14, 2015

I recently learned that there are still people out there who haven’t updated their servers (Apache, Domino, whatever) to support TLS 1.2. If you belong to this group and you have iOS devices (or Macs) accessing that server: read and act!

Apple is introducing App Transport Security (ATS) with iOS 9 and OS X 10.11. The purpose of ATS is to enforce security best practices for data connections.

Here is an excerpt from the current pre-release documentation:

In addition, your communication through higher-level APIs needs to be encrypted using TLS version 1.2 with forward secrecy. If you try to make a connection that doesn’t follow this requirement, an error is thrown.

So what does that mean?

Apps like Safari, Mail, custom in-house apps, App Store apps, etc. that use a high-level API for network communication (i.e. NSURLSession) won’t be able to connect to your server via SSL if the server doesn’t follow the ATS specifications. The network connection will be dropped and that’s it.
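To check whether a server would pass the requirement quoted above, this added example (not from the original post or from Apple's documentation) attempts a handshake pinned to TLS 1.2 with only forward-secret key exchanges offered, using Python's standard ssl module. The function names and the hostname `server.example.com` are placeholders chosen for illustration.

```python
import socket
import ssl
import sys

def is_tls12_forward_secret(version, cipher_name):
    """True when the negotiated parameters are TLS 1.2 with an ephemeral
    (forward-secret) key exchange, going by OpenSSL cipher suite names."""
    return version == "TLSv1.2" and cipher_name.startswith(("ECDHE-", "DHE-"))

def probe(host, port=443, timeout=5.0):
    """Attempt a handshake restricted to TLS 1.2 and ephemeral key exchange.
    Returns a dict describing the outcome; network errors are reported, not raised."""
    ctx = ssl.create_default_context()            # verifies certificate and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # pin to 1.2 even if 1.3 is offered
    ctx.set_ciphers("ECDHE:DHE:!aNULL:!eNULL")    # offer forward-secret suites only
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"ok": False, "stage": "tcp", "detail": str(exc)}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            version, cipher = tls.version(), tls.cipher()[0]
            return {"ok": is_tls12_forward_secret(version, cipher),
                    "stage": "done", "detail": f"{version} {cipher}"}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "stage": "certificate", "detail": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Typically a handshake failure: the server shares no TLS 1.2
        # forward-secret suite with this client.
        return {"ok": False, "stage": "handshake", "detail": str(exc)}
    finally:
        raw.close()

if __name__ == "__main__":
    # server.example.com is a placeholder; pass your own host as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "server.example.com"
    result = probe(target)
    print(target, "PASS" if result["ok"] else "FAIL", result["stage"], result["detail"])
```

A result with stage `handshake` is the case the post warns about: the server is reachable but cannot negotiate TLS 1.2 with forward secrecy.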

You still have some time to update your servers. Eight weeks or so.

Go