2 Replies
      Latest reply on Jun 11, 2019 8:59 AM by davisjj
      davisjj Level 1 Level 1 (0 points)

        Hi, I am trying to track down the docs for this, but there wasn't a "What's New in iOS Security" session that I could find from last week.  My enterprise utilizes SSL Decryption/Inspection at the firewall, which of course, replaces each certificate with one of our own.  This has worked mostly ok through iOS 12.x, but I am noticing that our iOS 13 test devices are basically failing every SSL transaction now.  Some apps are reporting that the certificate is invalid, others like Safari, are just failing to load any pages. 

         

        What I'm trying to find out is whether or not certificate pinning is being enforced in iOS 13.  If it is, I will have to let our security team know that we may not be able to decrypt iPhone traffic now.  I realize that this is only going to impact enterprises that are inspecting traffic, but has anyone else run into this?  Does anyone know where i can find documentation on the network security changes in iOS 13? 

         

        Thanks,

        Jesse

        • Re: iOS 13 Certificate Pinning and Encrypted Data Management
          eskimo Apple Staff Apple Staff (11,835 points)

          Does anyone know where i can find documentation on the network security changes in iOS 13?

          Check out Requirements for trusted certificates in iOS 13 and macOS 10.15.

          You’ll note that this article is on the customer-facing support site, not the developer site.  That’s because this is more of a customer support issue than a question about APIs.  Given that, you might have more luck asking it over in Apple Support Communities, run by Apple Support.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: iOS 13 Certificate Pinning and Encrypted Data Management
              davisjj Level 1 Level 1 (0 points)

              Thanks Eskimo.  It seems that, this year in particular, Apple is really starting to acknowledge that the IT Community has a lot of overlap with the Developer community, making the betas available via ABM membership.  We're in the Enterprise dev program as well, but it's nice to see them recognizing that it isn't just developers who need to test.  That said, I think this issue probably falls into the ABM/Enterprise space, and I'm not sure if there is a forum for that or not.

               

              In any event, thanks for pointing me to the new cert requirements.  A colleage had also sent that to me.  Unfortunately, that doesn't speak to whether or not certificate pinning is being enforced.  I'll keep digging. 

               

              Thanks again,

              Jesse