Sunday, October 14, 2018

Apple Upgrades SSL & Website Security Support In Operating Systems

Apple is a renowned multinational company that designs, develops and sells hardware, software and mobile devices like iPod, IPad, and iPhones. During the annual WWDC (World Wide Developers Conference) in 2017, Apple proclaimed updates of: Here we have discussed various updates and improvements Apple has proclaimed for OS and SSL certificate for better user experience and website security.

1) Advancement in network security standards
  • SSL/TLS support
  • Cryptographic libraries

Improved SSL/TSL Support

SHA-1 signed certificate: Many web browsers have stopped supporting SHA-1 signed certificates considering its vulnerabilities. As per Apple’s latest updates.
  • Apple has decided to end SHA-1 support in its new operating systems.
  • SHA-1 signed root certificates will continue to be supported.
  • Private keys less than 2048 bits will no longer be trusted.
  • Client certificate as well as SSL certificates, which are shared through Mobile Device Management, will continue to be supported.
TLS 1.3: IEFT (Internet Engineering Task Force) is unable to finalize the TLS1.3 draft. But  Apple has officially declared that it would provide support for TLS 1.3 draft specification in  High Sierra and iOS 11.
  • This will facilitate developers to test TLS 1.3.
  • Apple had also mentioned that TLS 1.3 will offer drastically fast handshake time. This time will be just 1/3rd of the existing TLS connection speed.


Various Web Browsers Which Enabled TLS 1.3 Are:

Firefox: Mozilla enabled TLS 1.3 in its Firefox web browser by default in the year 2017.
Google chrome: Due to compatibility issues, Google Chrome has disabled it after a short period of use.

2. OS (Operating Systems) For Its Devices:
  1. High Sierra for iOS, macOS, and watchOS
  2. New hardware:-
  • iPad Pro
  • HomePod smart speaker
Improved SSL Revocation Checking

New revocation checking method has been introduced by Apple. As there were certain issues faced in checking certificate revocation, it was the right time when this enhancement was introduced. Certain issues were noticed by experts and have raised questions about the revocation process that is currently used. These issues were:

  • SSL certificate has been compromised to contacting the CA (Certification Authority) for revoking
  • The problem in communicating with the client about the revoked SSL certificates.

No comments:

Post a Comment