If you're dealing with App Transport Security (ATS), here's one small snippet from the OS X El Capitan Developer Beta 6 Release Notes that you might have missed (I know I did)...
The
tool on OS X El Capitan supports diagnosing ATS secure connections. For example,nscurlwill display ATS connection information for/usr/bin/nscurl --ats-diagnostics https://www.example.com. Runwww.example.comfor more information./usr/bin/nscurl -h
The
nscurlIn addition, if you’re trying to work out exactly what TLS parameters your server supports, one good option is to connect to it using TLSTool. For example:
$ TLSTool s_client -connect forums.developer.apple.com:443 * input stream did open * output stream did open * output stream has space * protocol: TLS 1.2 * cipher: ECDHE_RSA_WITH_AES_256_GCM_SHA384 * trust result: unspecified * certificate info: * 0 rsaEncryption 2048 sha256-with-rsa-signature 'forums.developer.apple.com' * 1 rsaEncryption 2048 sha256-with-rsa-signature 'Symantec Class 3 EV SSL CA - G3' * 2 rsaEncryption 2048 sha1-with-rsa-signature 'VeriSign Class 3 Public Primary Certification Authority - G5' ^C
As you can see, DevForums meets all the ATS requirements, including:
a TLS version of 1.2 (line 5)
a cypher suite of
(line 6)ECDHE_RSA_WITH_AES_256_GCM_SHA384a 2048 bit RSA key in its server certificate (line 9)
that certificate protected by a SHA2-256 signature (line 9)
Some hints and tips for using
TLSToolIf you’re targeting iOS 9, run
on a Mac running OS X 10.11.x on the same network as your iOS device.TLSToolAlternatively, as
is sample code, simply integrate its source code into a test function within your iOS app.TLSToolIf
fails to connect, try running it with theTLSTool-noverifyIf you want to know what certificates are in play, run
with theTLSTool-showcerts
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"