Apple has proclaimed updates of OS and Network security standards (SSL/TSL certificates) for better and safer experience for users of Apple products. It has initiated significant improvements regarding the SSL certificates in a new updated operating system.

1. OS (Operating Systems) for its devices:

High Sierra for iOS, macOS, and watchOS

New hardware:-

iPad Pro

HomePod smart speaker

2. Advancement in network security standards

Improved SSL/TSL Support

SHA-1 signed certificate: Many web browsers have stopped supporting SHA-1 signed certificates considering its vulnerabilities. As per Apple’s latest updates:

Apple has decided to end SHA-1 support in its new operating systems.

SHA-1 signed root certificates will continue to be supported.

Private keys less than 2048 bits will no longer be trusted.

Client certificate as well as SSL certificates, which are shared through Mobile Device Management, will continue to be supported.

TLS 1.3: IEFT (Internet Engineering Task Force) is unable to finalize the TLS1.3 draft. But Apple has officially declared that it would provide support for TLS 1.3 draft specification in High Sierra and iOS 11.

• This will facilitate developers to test TLS 1.3.
• Apple had also mentioned that TLS 1.3 will offer drastically fast handshake time. This time will be just 1/3rd of the existing TLS connection speed.

Improved SSL Revocation Checking

New revocation checking method has been introduced by Apple. As there were certain issues faced in checking certificate revocation, it was the right time when this enhancement was introduced. Certain issues were noticed by experts and have raised questions about the revocation process that is currently used. These issues were:

• SSL certificate has been compromised to contacting the CA (Certification Authority) for revoking
• The problem in communicating with the client about the revoked SSL certificates.