Apple App Transport Security [iOS 9] and GAE https


Ivan Golubev

Aug 25, 2015, 9:00:09 AM
to Google App Engine
Hello guys,

I have received a notification from Apple stating that they are going to tighten the security rules in iOS 9:
1. The protocol Transport Security Layer (TLS) must be at least version 1.2.
2. Certificates must use at least an SHA256 fingerprint with either a 2048 bit or greater RSA key,
   or a 256 bit or greater Elliptic-Curve (ECC) key.
3. Connection ciphers are limited to those that provide forward secrecy:
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

More details here.

I have a couple of applications running with https URLs and I want to make sure they won't fail on iOS 9.
The question is: does App Engine satisfy these requirements? Any documentation on this?

Nick (Cloud Platform Support)

Aug 26, 2015, 5:08:23 PM
to Google App Engine
Hey Ivan,

It seems as though some of these can be tested in practice, and some depend on the certificate you upload, or whether you access via https://<app id>.appspot.com.

You can use tools such as Qualys SSL Labs SSL Test to check the properties of the SSL on your domain.

Let me know if you have any further questions based on this.

Best wishes,

Nick 
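
Added example, not part of the thread and not Apple's or Google's own tooling: a Python check of the three requirements quoted in the question, as a local complement to an external scan. The function and sample names are hypothetical, and reading the "SHA256 fingerprint" as the certificate's signature hash is an assumption; certificate facts are passed in by hand because the standard library does not expose key size.

```python
import socket
import ssl

# Suites from rule 3 of the question, IANA names copied from the post.
ATS_SUITES = """
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
""".split()
VERSIONS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # weakest first
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}                          # rule 2
STRONG_HASHES = {"sha256", "sha384", "sha512"}                   # rule 2 (assumed reading)

def openssl_name(iana):
    """Map an IANA suite name to the name OpenSSL (and ssl.cipher()) reports."""
    kx_auth, bulk = iana[len("TLS_"):].split("_WITH_")
    bulk = bulk.replace("AES_", "AES").replace("_CBC", "")
    return f"{kx_auth}-{bulk}".replace("_", "-")

ATS_OPENSSL = {openssl_name(s) for s in ATS_SUITES}

def ats_findings(protocol, cipher, cert_hash, key_type, key_bits):
    """Return the rules from the post (1-3) that these connection facts violate."""
    findings = []
    if protocol not in VERSIONS or VERSIONS.index(protocol) < VERSIONS.index("TLSv1.2"):
        findings.append(f"rule 1: {protocol} is below TLS 1.2")
    if cert_hash.lower() not in STRONG_HASHES:
        findings.append(f"rule 2: certificate hash {cert_hash} is weaker than SHA256")
    if key_bits < MIN_KEY_BITS.get(key_type, float("inf")):
        findings.append(f"rule 2: {key_bits}-bit {key_type} key misses the RSA 2048 / EC 256 minimum")
    if cipher not in ATS_OPENSSL:
        findings.append(f"rule 3: {cipher} is not in the listed suites")
    return findings

def negotiated(host, port=443, timeout=5):
    """Handshake with host and return (protocol, OpenSSL cipher name).
    Capped at TLS 1.2 so the suite is comparable with the 2015 list."""
    ctx = ssl.create_default_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample facts (not measurements of any real server).
SAMPLES = {
    "modern": ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", "sha256", "RSA", 2048),
    "legacy": ("TLSv1", "AES128-SHA", "sha1", "RSA", 1024),
}
```

To check a deployed app, pass the pair returned by `negotiated()` for your own hostname together with the hash and key details read from its certificate.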

Ivan Golubev

Aug 27, 2015, 7:59:38 AM
to Google App Engine
Thank you Nick,

that was very useful. I got detailed info on the certificate used.