Release Notes
Abstract
Application Transport Security (ATS) is a critical security measure designed to enhance the security of all app communications over HTTPS. MaaS360 is taking steps to ensure its apps are fully compliant with the Apple ATS requirements.
Content
The upcoming versions of MaaS360 apps will enforce ATS requirements. These updated versions will be available on the App Store. This document serves as an advance notice to MaaS360 customers regarding the impact and necessary preparations.
Note: The ATS-enforcing MaaS360 apps will be generally available to all customers by default without exceptions. ATS blocks connections that fail to meet minimum security specifications.
MaaS360 apps enforcing ATS requirements
- IBM MaaS360
- MaaS360 Browser
- MaaS360 Secure Editor
Minimum server requirements
This Apple document outlines ATS technical requirements, including server specifications for algorithms, ciphers, and TLS versions: https://developer.apple.com/documentation/security/preventing_insecure_network_connections#3138464
Administrators must ensure that their servers meet the following requirements to establish communication with MaaS360 apps:
- Use HTTPS for Communication: ATS requires all connections to use HTTPS rather than HTTP. Ensure your server supports HTTPS.
- TLS Version and Cipher Suite: ATS supports specific versions of the Transport Layer Security (TLS) protocol and specific cipher suites. Ensure your server supports TLS 1.2 or later, and use strong, secure cipher suites to prevent connection failures.
- Forward Secrecy: Enable forward secrecy on your server to ensure that past communication cannot be decrypted, even if a long-term secret key is compromised.
- Certificate Validity and Trust: Ensure your server's SSL/TLS certificate is valid and signed by a trusted certificate authority (CA). Self-signed certificates are not allowed by default in ATS.
- Public Key Pinning (Optional): If your application uses Public Key Pinning, ensure the server is configured with the proper public key pins in its response headers.
- Content Delivery Networks (CDN): If your application uses a content delivery network, ensure it complies with ATS requirements, including using HTTPS for CDN resources.
- App Transport Security (ATS) Diagnostic Logs: Check the ATS diagnostic logs on the device for any reported connection issues. These logs can provide detailed information on why a connection might be failing.
- Stay Informed about ATS Updates: Keep informed about any updates or changes to ATS requirements to maintain compatibility with future iOS releases.
Resources accessed by MaaS360 apps
Administrators can verify ATS compliance for various resources used by MaaS360 apps, including:
IBM MaaS360 for iOS app:
- Email server configurations
- Proxy/Load Balancers
- Document Sources and External document links shared using Admin Pushed docs.
MaaS360 Browser app:
- Website access (Internal websites [MEG]/External websites)
- File Downloads
Admin actions to verify ATS compatibility on all user domains
To validate ATS compatibility for all user domains, administrators can use the following methods:
Mac users:
- Use Apple’s nscurl tool for assessing compliance with the ATS requirements. For more information, refer to https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW41
Windows users:
- Use the PowerShell script for evaluating ATS compliance. For more details, refer to https://github.com/jchri/ProbeTLSforATS
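For a quick cross-platform pre-check of the HTTPS, TLS version, forward secrecy and certificate trust items in the requirements list above, the following is an added example and not code from IBM, Apple or the linked projects. The names `evaluate`, `probe` and `SAMPLES` are assumptions of this example, the sample handshake results are constructed, and the check does not cover every ATS rule, so nscurl remains the reference test.

```python
import socket
import ssl
import sys

ACCEPTED_VERSIONS = {"TLSv1.2", "TLSv1.3"}  # "TLS 1.2 or later"


def evaluate(scheme, tls_version=None, cipher=None, handshake_error=None):
    """Return a list of findings; an empty list means no issue was found."""
    if scheme.lower() != "https":
        return ["scheme: ATS requires HTTPS, got " + scheme]
    if handshake_error:  # untrusted, expired or self-signed cert, or no shared protocol
        return ["handshake: " + handshake_error]
    findings = []
    if tls_version not in ACCEPTED_VERSIONS:
        findings.append("protocol: %s is older than TLS 1.2" % tls_version)
    # Every TLS 1.3 suite uses an ephemeral key exchange. For TLS 1.2 the
    # OpenSSL suite name must start with ECDHE- (the key exchange Apple's ATS
    # documentation lists for forward secrecy).
    if tls_version != "TLSv1.3" and not (cipher or "").startswith("ECDHE-"):
        findings.append("cipher: %s offers no ECDHE forward secrecy" % cipher)
    return findings


def probe(host, port=443, timeout=5.0):
    """Handshake using the system trust store and hostname checking."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with context.wrap_socket(raw, server_hostname=host) as tls:
                return evaluate("https", tls.version(), tls.cipher()[0])
    except ssl.SSLCertVerificationError as exc:
        return evaluate("https", handshake_error=exc.verify_message)
    except ssl.SSLError as exc:
        return evaluate("https", handshake_error=exc.reason or str(exc))


# Constructed handshake results (not captured from real servers).
SAMPLES = {
    "modern": ("https", "TLSv1.3", "TLS_AES_256_GCM_SHA384"),
    "static-rsa": ("https", "TLSv1.2", "AES256-GCM-SHA384"),
    "legacy": ("https", "TLSv1", "ECDHE-RSA-AES128-SHA"),
    "cleartext": ("http",),
}

if __name__ == "__main__":
    for host in sys.argv[1:]:
        print(host, probe(host) or "no issues found")
    if len(sys.argv) == 1:
        for name, args in SAMPLES.items():
            print(name, evaluate(*args) or "no issues found")
```

Run it with one or more host names as arguments to probe live servers, or with no arguments to see the findings for the constructed samples.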
MaaS360 supported versions for ATS:
MaaS360 updates the following iOS apps on the App Store to support ATS:
- IBM MaaS360 5.80.10+
- MaaS360 Browser 3.94.3+
- MaaS360 Secure Editor 3.50.5+
Conclusion
To ensure compliance with Apple's ATS requirements, MaaS360 administrators must review server specifications, test the ATS-enforcing MaaS360 apps in their TestFlight environment, and diagnose any potential ATS connection issues using Apple's nscurl tool. Additionally, administrators should monitor MaaS360 communication channels and regularly review Apple's ATS documentation to stay informed about future updates.
Document Information
Modified date: 21 June 2024
UID: ibm17106760