Platform

ios

MASVS v1 MSTG-NETWORK-2

MASVS v2 MASVS-NETWORK-1

Last updated: May 08, 2023

Testing the TLS Settings

Overview

Remember to inspect the corresponding justifications to discard that it might be part of the app intended purpose.

It is possible to verify which ATS settings can be used when communicating to a certain endpoint. On macOS the command line utility nscurl can be used. A permutation of different settings will be executed and verified against the specified endpoint. If the default ATS secure connection test is passing, ATS can be used in its default secure configuration. If there are any fails in the nscurl output, please change the server side configuration of TLS to make the server side more secure, rather than weakening the configuration in ATS on the client. See the article "Identifying the Source of Blocked Connections" in the Apple Developer Documentation for more details.

Refer to section "Verifying the TLS Settings" in chapter Testing Network Communication for details.

Resources

• Apple Developer Documentation
• inspect the corresponding justifications