iOS 9 Security and SAP BusinessObjects Mobile
This blog discusses the iOS 9 security changes and their impact on SAP BusinessObjects Mobile SSL (HTTPS) connections.
With the introduction of iOS 9, Apple has added security measures and mandates, known as App Transport Security (ATS). Existing SSL-based setups that do not follow the iOS 9 security recommendations might stop working.
Quoting the ATS requirements from Apple's site (iOS 9.0, What's New in iOS):
“Requirements for Connecting Using ATS
With ATS fully enabled, your app’s HTTP connections must use HTTPS and must satisfy the following security requirements:
- The server certificate must meet at least one of the following trust requirements:
  - Issued by a certificate authority (CA) whose root certificate is incorporated into the operating system
  - Issued by a trusted root CA and installed by the user or a system administrator
- The negotiated Transport Layer Security version must be TLS 1.2
- The negotiated TLS connection cipher suite must support forward secrecy (FS) and be one of the following:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- The leaf server certificate must be signed with one of the following types of keys:
  - Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
  - Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
- In addition, the leaf server certificate hashing algorithm must be Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 (that is, SHA-256 or greater).”
Following the ATS requirements is also recommended, as it is the more secure way to set up SSL communication.
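To audit a server against the quoted requirements before rolling out iOS 9 clients, the checklist can be expressed as a small checker. This is an added example, not code from SAP or Apple; the dictionary field names, the `ats_violations` function and both sample connections are assumptions constructed for illustration, with values of the kind `openssl s_client` and `openssl x509 -text` report.

```python
import re

# Cipher suites exactly as listed in the ATS requirements quoted above.
ATS_CIPHERS = {
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
}
MIN_KEY_BITS = {"RSA": 2048, "ECC": 256}  # leaf certificate key minimums

def ats_violations(conn):
    """Return the quoted ATS requirements that a described connection fails."""
    problems = []
    if not conn["chain_trusted"]:          # OS root or installed trusted root
        problems.append("trust")
    if conn["tls_version"] != "TLSv1.2":   # checked exactly as quoted
        problems.append("tls_version")
    if conn["cipher"] not in ATS_CIPHERS:  # forward secrecy and on the list
        problems.append("cipher")
    minimum = MIN_KEY_BITS.get(conn["key_type"])
    if minimum is None or conn["key_bits"] < minimum:
        problems.append("key")
    # Digest size from names such as sha1WithRSAEncryption or ecdsa-with-SHA256;
    # a name with no SHA-2 digest in it (MD5, PSS without detail) is flagged.
    m = re.search(r"sha-?(\d+)", conn["sig_alg"], re.IGNORECASE)
    if m is None or int(m.group(1)) < 256:
        problems.append("cert_hash")
    return problems

# Constructed samples: a legacy HTTPS setup and one that meets every item.
LEGACY = {"chain_trusted": True, "tls_version": "TLSv1", "key_type": "RSA",
          "cipher": "TLS_RSA_WITH_AES_128_CBC_SHA", "key_bits": 1024,
          "sig_alg": "sha1WithRSAEncryption"}
COMPLIANT = {"chain_trusted": True, "tls_version": "TLSv1.2", "key_type": "RSA",
             "cipher": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "key_bits": 2048,
             "sig_alg": "sha256WithRSAEncryption"}

if __name__ == "__main__":
    for name, conn in (("legacy", LEGACY), ("compliant", COMPLIANT)):
        print(name, ats_violations(conn) or "meets the quoted ATS requirements")
```
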