Monday, September 10, 2018

Apple Introduces SSL/TLS Support in Latest OS for a Safer Experience

An SSL certificate is very important to Internet and website security. It plays an important role in keeping sensitive user or customer information and organizational credentials secure.

Apple has announced updates to its operating systems and network security standards (SSL/TLS certificates) to give users of Apple products a better and safer experience. The new operating system release brings significant improvements in how SSL certificates are handled.

1. OS (operating systems) for its devices:

  • High Sierra for iOS, macOS, and watchOS
  • New hardware:
    • iPad Pro
    • HomePod smart speaker

2. Advancement in network security standards:

  • SSL/TLS support
  • Cryptographic libraries



Improved SSL/TLS Support

  • SHA-1 signed certificates: Many web browsers have stopped supporting SHA-1 signed certificates because of their vulnerabilities. As per Apple’s latest updates:
    1. Apple has decided to end SHA-1 support in its new operating systems.
    2. SHA-1 signed root certificates will continue to be supported.
    3. Private keys shorter than 2048 bits will no longer be trusted.
    4. Client certificates as well as SSL certificates, which are shared through Mobile Device Management, will continue to be supported.
  • TLS 1.3: The IETF (Internet Engineering Task Force) has been unable to finalize the TLS 1.3 draft. But Apple has officially declared that it will provide support for the TLS 1.3 draft specification in High Sierra and iOS 11.
    1. This will allow developers to test TLS 1.3.
    2. Apple also mentioned that TLS 1.3 will offer a drastically faster handshake. The handshake time will be just 1/3 of that of an existing TLS connection.
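As an added example (not Apple's code and not from the original post), the following Python checks a DER-encoded certificate against the SHA-1 and key-size rules in the list above. It assumes that a certificate whose issuer equals its subject is a root and that the key-size rule applies to RSA keys; the `sample` helper and its names are hypothetical and build constructed, unsigned certificate skeletons.

```python
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # OID sha1WithRSAEncryption
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # OID sha256WithRSAEncryption
RSA_KEY = bytes.fromhex("2a864886f70d010101")     # OID rsaEncryption

def tlv(tag, body):
    """Encode one DER element; only used to build the constructed samples."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def children(body):
    """Split DER content into (tag, content, raw_element) tuples."""
    out, i = [], 0
    while i < len(body):
        n, j = body[i + 1], i + 2
        if n & 0x80:                               # long-form length
            n, j = int.from_bytes(body[j:j + (n & 0x7F)], "big"), j + (n & 0x7F)
        out.append((body[i], body[j:j + n], body[i:j + n]))
        i = j + n
    return out

def audit(der):
    """Return the policy problems found in one DER-encoded X.509 certificate."""
    tbs, sig_alg, _sig = children(children(der)[0][1])
    f = [e for e in children(tbs[1]) if e[0] != 0xA0]   # drop optional [0] version
    issuer, subject, spki = f[2][2], f[4][2], f[5][1]
    key_alg, key_bits = children(spki)
    problems = []
    # Assumption: issuer == subject marks a root (SHA-1 roots stay supported).
    if children(sig_alg[1])[0][1] == SHA1_RSA and issuer != subject:
        problems.append("SHA-1 signature on a non-root certificate")
    if children(key_alg[1])[0][1] == RSA_KEY:      # assumption: size rule applied to RSA keys
        modulus = children(children(key_bits[1][1:])[0][1])[0][1]
        if int.from_bytes(modulus, "big").bit_length() < 2048:
            problems.append("RSA key shorter than 2048 bits")
    return problems

def sample(sig_oid, bits, issuer, subject):
    """Constructed certificate skeleton with a dummy signature (parsing demo only)."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    alg = lambda oid: tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    rsa = tlv(0x30, tlv(0x02, b"\x00" + (1 << (bits - 1) | 1).to_bytes(bits // 8, "big"))
              + tlv(0x02, b"\x01\x00\x01"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg(sig_oid)
              + name(issuer) + tlv(0x30, tlv(0x17, b"180101000000Z") * 2) + name(subject)
              + tlv(0x30, alg(RSA_KEY) + tlv(0x03, b"\x00" + rsa)))
    return tlv(0x30, tbs + alg(sig_oid) + tlv(0x03, b"\x00" * 9))
```

Calling `audit(sample(SHA1_RSA, 1024, b"Example CA", b"leaf.example"))` returns both findings. To audit a real certificate, pass its DER bytes, for example the output of `ssl.PEM_cert_to_DER_cert`.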

Improved SSL Revocation Checking

Apple has introduced a new revocation checking method. The enhancement is timely, because experts had noticed issues with certificate revocation checking and raised questions about the revocation process currently in use. These issues were:
  • Contacting the CA (Certification Authority) to revoke an SSL certificate that has been compromised.
  • Communicating to the client that an SSL certificate has been revoked.
When a client initiates an SSL/TLS connection, a centralized list of revoked SSL certificates is checked. The connection is established only if the certificate is not revoked. Otherwise, the revocation status is confirmed.
