If you're dealing with App Transport Security (ATS), here's one small snippet from the OS X El Capitan Developer Beta 6 Release Notes that you might have missed (I know I did)...
The
tool on OS X El Capitan supports diagnosing ATS secure connections. For example,nscurlwill display ATS connection information for/usr/bin/nscurl --ats-diagnostics https://www.example.com. Runwww.example.comfor more information./usr/bin/nscurl -h
The
nscurlIn addition, if you’re trying to work out exactly what TLS parameters your server supports, one good option is to connect to it using TLSTool. For example:
$ TLSTool s_client -connect forums.developer.apple.com:443
* input stream did open
* output stream did open
* output stream has space
* protocol: TLS 1.2
* cipher: ECDHE_RSA_WITH_AES_256_GCM_SHA384
* trust result: unspecified
* certificate info:
* 0 rsaEncryption 2048 sha256-with-rsa-signature 'forums.developer.apple.com'
* 1 rsaEncryption 2048 sha256-with-rsa-signature 'Symantec Class 3 EV SSL CA - G3'
* 2 rsaEncryption 2048 sha1-with-rsa-signature 'VeriSign Class 3 Public Primary Certification Authority - G5'
^CAs you can see, DevForums meets all the ATS requirements, including:
a TLS version of 1.2 (line 5)
a cypher suite of
(line 6)ECDHE_RSA_WITH_AES_256_GCM_SHA384a 2048 bit RSA key in its server certificate (line 9)
that certificate protected by a SHA2-256 signature (line 9)
Some hints and tips for using
TLSToolIf you’re targeting iOS 9, run
on a Mac running OS X 10.11.x on the same network as your iOS device.TLSToolAlternatively, as
is sample code, simply integrate its source code into a test function within your iOS app.TLSToolIf
fails to connect, try running it with theTLSTool
option.-noverifyIf you want to know what certificates are in play, run
with theTLSTool
option.-showcerts
Share and Enjoy
—
Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"