验证服务器符合Apple ATS / TLS 1.2要求的最佳方法 [英] Best way for verifying server compliance to Apple's ATS / TLS 1.2 requirement
问题描述
因此Apple要求TLS 1.2具有针对iOS 9开始的URL的前向保密性。独立于应用程序,验证服务器是否满足所有要求的最佳方法是什么?
So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning iOS 9. Independent of the app, what's the best way to verify that a server meets all the requirements?
nscurl直接无效 - 或者我不知道如何使用它。我的输出只是反复说CFNetwork SSLHandshake失败,即使我知道服务器是合规的。
nscurl just outright doesn't work - or I don't know how to use it. My output simply repeatedly says CFNetwork SSLHandshake failed, even though I know the server is compliant.
TLSTool在某种程度上起作用但我不能强制使用前向保密(FS)密码可以使用。
TLSTool works to some extent but I cannot force the Forward Secrecy (FS) ciphers to be used.
openssl可以为客户端模式指定特定的密码,但我的版本没有FS密码。如何升级openssl?
openssl can specify specific cipher for the client mode, but the version I have doesn't have FS ciphers. How do I upgrade openssl?
最好的方法是什么?到目前为止,我不得不使用ssllabs.com的analyze.html。有什么建议吗?
What's the best way? So far I've had to ssllabs.com's analyze.html. Any suggestions?
推荐答案
基本上 nscurl --ats-diagnostics< url>
尝试所有可能的服务器连接变体和每个测试的PASS / FAIL结果响应。您应该找到为您的服务器传递的测试并相应地设置ATS配置。
Basically nscurl --ats-diagnostics <url>
just tries all possible variants of connection to server and responses with PASS/FAIL results for each test. You should just find which tests pass for your server and set ATS configuration accordingly.
这里是一篇关于ATS和检查服务器合规性的好文章,它还包含一个nscurl示例。
Here's a good article on ATS and checking server compliance, it also contains an nscurl example.
这篇关于验证服务器符合Apple ATS / TLS 1.2要求的最佳方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!