It's noted in https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/ that SDK9 will not allow SHA-256 certs or above. But also there is a TLS1.1 and under exeption process.
NSExceptionMinimumTLSVersion. Since only the TLS1.2 protocol can use a SHA-256 cert while the lower versions can't, doesn't the use of this exception allow the developers use the SHA-1 certs? If so, the message below seems conflicting and requires an exception of SHA-1 cert message as well.
"Certificates must be signed using a SHA256 or better signature hash algorithm, with either a 2048 bit or greater RSA key or a 256 bit or greater Elliptic-Curve (ECC) key. Invalid certificates result in a hard failure and no connection."