Apple Improves SSL/TLS Support in Latest Operating Systems

by sslstreet admin


Posted on September 08, 2018 07:29 am


The SSL Street

An SSL certificate is very important for Internet and website security. It plays an important role in keeping sensitive user or customer information and organizational credentials secure. Secure Sockets Layer (SSL), a standard security protocol, establishes an encrypted link between browser and server so that content does not fall into the hands of a hacker. Comodo is a cyber security platform providing the best SSL certificate, named Comodo SSL. Comodo provides the most reliable Comodo SSL certificate, which has enabled it to maintain its #1 rank in the world.

Apple is a renowned multinational company that designs, develops and sells hardware, software and mobile devices such as the iPod, iPad, and iPhone. During the annual WWDC (Worldwide Developers Conference) in 2017, Apple proclaimed updates of:

1. OS (Operating Systems) for its devices:

  • High Sierra for iOS, macOS, and watchOS

  • New hardware:

    • iPad Pro

    • HomePod smart speaker

2. Advancement in network security standards

  • SSL/TLS support

  • Cryptographic libraries

Improved SSL/TLS Support

  1. SHA-1 signed certificate: Many web browsers have stopped supporting SHA-1 signed certificates in view of SHA-1's vulnerabilities. As per Apple’s latest updates:

    1. Apple has decided to end SHA-1 support in its new operating systems.

    2. SHA-1 signed root certificates will continue to be supported.

    3. Private keys less than 2048 bits will no longer be trusted.

    4. Client certificates, as well as SSL certificates that are shared through Mobile Device Management, will continue to be supported.

  2. TLS 1.3: The IETF (Internet Engineering Task Force) is unable to finalize the TLS 1.3 draft. But Apple has officially declared that it will provide support for the TLS 1.3 draft specification in High Sierra and iOS 11.

    1. This will allow developers to test TLS 1.3.

    2. Apple also mentioned that TLS 1.3 will offer a drastically faster handshake. The handshake time will be just 1/3rd of that of an existing TLS connection.

Various web browsers which enabled TLS 1.3 are:

  • Firefox: Mozilla enabled TLS 1.3 in its Firefox web browser by default in the year 2017.
  • Google Chrome: Due to compatibility issues, Google Chrome disabled it after a short period of use.

3. SSL certificate Error User Interface:

In High Sierra and Safari, Apple has redesigned the certificate error user interface (UI) shown to the viewer. For better understanding, let’s compare both.

  • Typical certificate error UI: It contains SSL-related technical terms such as signature, protocol etc., which are difficult to understand for a person without technical knowledge.

  • New UI:

    1. Even a non-technical user can understand it easily, as Apple has eliminated such technical SSL-related terms.

    2. Descriptive messaging related to the certificate.

These improved features of the new user interface help the user understand why an SSL certificate has not been trusted.

Improved SSL Revocation Checking

Apple has introduced a new revocation checking method. The enhancement comes at the right time, because experts had noticed certain issues with certificate revocation checking and had raised questions about the revocation process currently in use. These issues were:

  • The gap between an SSL certificate being compromised and the CA (Certification Authority) being contacted to revoke it.

  • The problem of communicating revoked SSL certificates to the client.

When a client initiates an SSL/TLS connection, a centralized list of revoked SSL certificates is checked. If the certificate is not on the list, the connection is established. Otherwise, the revocation status is confirmed by conducting a live Online Certificate Status Protocol (OCSP) check with the CA. If the check does not confirm the revocation, the connection is established; if the revocation is confirmed, the connection is refused.

Summary

Apple has proclaimed updates to its OS and network security standards (SSL/TLS certificates) for a better and safer experience for users of Apple products. It has made significant improvements regarding SSL certificates in the newly updated operating systems. The steps of the latest revocation checking method introduced by Apple are listed below:

  1. Scanning of Certificate Transparency logs: This is done to find the certificates that Apple platforms trust.

  2. Checking the revocation status of those certificates with the Certificate Authorities.

  3. The SSL certificate revocation status is collected and shared at regular intervals with Apple devices.
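
The three steps above and the connection-time check described under "Improved SSL Revocation Checking" can be modelled together. The following is an added example, not Apple's code: the function names, the use of a SHA-256 fingerprint as the list key, the `fail_closed` behaviour when the OCSP responder is unreachable, and all sample data are assumptions made for illustration.

```python
import hashlib

GOOD, REVOKED = "good", "revoked"   # the two OCSP answers modelled here


def fingerprint(cert_der: bytes) -> str:
    """Identify a certificate by the SHA-256 hash of its encoded bytes."""
    return hashlib.sha256(cert_der).hexdigest()


def build_revocation_bundle(ct_log, ca_revoked, trusted_issuers):
    """Vendor side: CT-logged certificates from trusted issuers that a CA reports revoked."""
    return frozenset(
        fingerprint(cert) for issuer, cert in ct_log
        if issuer in trusted_issuers and fingerprint(cert) in ca_revoked
    )


def check_connection(cert_der, bundle, ocsp_query, fail_closed=True):
    """Client side: consult the distributed list, go to OCSP only to confirm a hit."""
    if fingerprint(cert_der) not in bundle:
        return "connect"                      # not listed: no live lookup needed
    try:
        status = ocsp_query(cert_der)         # live check with the CA
    except OSError:
        # Assumption: the page does not say what happens when the responder
        # is unreachable; this sketch refuses unless told otherwise.
        return "refuse" if fail_closed else "connect"
    return "refuse" if status == REVOKED else "connect"


# Constructed sample data (placeholder byte strings, not real certificates).
CERT_A, CERT_B, CERT_C = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"
CT_LOG = [("Trusted CA", CERT_A), ("Trusted CA", CERT_B), ("Untrusted CA", CERT_C)]
CA_REVOKED = {fingerprint(CERT_B), fingerprint(CERT_C)}
BUNDLE = build_revocation_bundle(CT_LOG, CA_REVOKED, {"Trusted CA"})

if __name__ == "__main__":
    for name, cert in (("A", CERT_A), ("B", CERT_B)):
        print(name, check_connection(cert, BUNDLE, lambda c: REVOKED))
```

Only a certificate that appears on the distributed list triggers a live OCSP request, so an outdated list entry is corrected by the CA's current answer rather than blocking the connection outright.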

For further information on SSL certificates, feel free to call us on our toll-free number +1(888) 606-7330. You can also write to us at info@thesslstreet.com. We also provide the Comodo SSL certificate and many more, along with our regular services. Our well-trained team works 24*7 / 365 days. We will be happy to help you at any point of the day. Just give us a call on our toll-free number.