If you're dealing with App Transport Security (ATS), here's one small snippet from the OS X El Capitan Developer Beta 6 Release Notes that you might have missed (I know I did)...
nscurltool on OS X El Capitan supports diagnosing ATS secure connections. For example,
/usr/bin/nscurl --ats-diagnostics https://www.example.comwill display ATS connection information for
/usr/bin/nscurl -hfor more information.
nscurl tool is useful in general, but this option is particularly valuable when debugging ATS issues.
In addition, if you’re trying to work out exactly what TLS parameters your server supports, one good option is to connect to it using TLSTool. For example:
$ TLSTool s_client -connect forums.developer.apple.com:443 * input stream did open * output stream did open * output stream has space * protocol: TLS 1.2 * cipher: ECDHE_RSA_WITH_AES_256_GCM_SHA384 * trust result: unspecified * certificate info: * 0 rsaEncryption 2048 sha256-with-rsa-signature 'forums.developer.apple.com' * 1 rsaEncryption 2048 sha256-with-rsa-signature 'Symantec Class 3 EV SSL CA - G3' * 2 rsaEncryption 2048 sha1-with-rsa-signature 'VeriSign Class 3 Public Primary Certification Authority - G5' ^C
As you can see, DevForums meets all the ATS requirements, including:
a TLS version of 1.2 (line 5)
a cypher suite of
a 2048 bit RSA key in its server certificate (line 9)
that certificate protected by a SHA2-256 signature (line 9)
Some hints and tips for using
If you’re targeting iOS 9, run
TLSToolon a Mac running OS X 10.11.x on the same network as your iOS device.
TLSToolis sample code, simply integrate its source code into a test function within your iOS app.
TLSToolfails to connect, try running it with the
If you want to know what certificates are in play, run
Share and Enjoy
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"