iOS 9 + App Transport Security + Amazon Web Services / by Paulo Fierro

The release of iOS 9 is just around the corner and with that comes App Transport Security. This new feature will enforce that your app's network connections follow best practices. This is handled at a low level and is enabled by default in iOS 9 and OS X El Capitan — and may cause issues in existing apps.

We have a few apps that load data from Amazon Web Services over HTTPS, and on iOS 9 they stopped working. The reason is that App Transport Security requires server certificates to be signed with SHA-2 by default, and at the moment the AWS certificates use SHA-1.

Amazon has announced AWS will move to SHA-2 by September 30, 2015.

Until then we can add the domain in question as an exception and set NSExceptionRequiresForwardSecrecy to NO. This does not turn off ATS (that would be a bad idea); it simply states that we accept ciphers other than SHA-2.

The Info.plist entry
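
The original entry was an image that is not preserved on this page. The fragment below is an added example of such an exception, not the author's own entry; it goes inside the top-level `<dict>` of Info.plist. The domain `example.com` is a placeholder for the AWS host your app calls, and including `NSIncludesSubdomains` is an assumption.

```xml
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <!-- Placeholder: replace with the AWS host your app loads data from -->
        <key>example.com</key>
        <dict>
            <!-- Assumption: apply the exception to subdomains of that host too -->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!-- The setting from the post: relax the forward secrecy
                 requirement for this one domain only -->
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>
```

Because `NSAllowsArbitraryLoads` is not set, ATS stays enforced for every host that is not listed under `NSExceptionDomains`. Remove the exception once the server meets the default ATS requirements.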

A quick change to your Info.plist and you’re done!

For more information you should watch Session 711 from WWDC 2015.

Update (Oct 1, 2015)

Looks like this is still not working properly. I ran the ATS diagnostics using nscurl on El Capitan and got these results.