iOS® App Transport Security (ATS) enablement notification for RSA SecurID® Software Token for iOS and RSA Authentication Manager beginning January 1, 2017

Document created by RSA Link Team Employee on Jul 5, 2016Last modified by RSA Link Team Employee on Aug 25, 2016
Version 2Show Document
  • View in full screen mode

Summary:

RSA would like to notify customers utilizing the Software Token for iOS® and dynamic seed provisioning (CT-KIP) to prepare their entire RSA Authentication Manager CT-KIP provisioning infrastructure for iOS App Transport Security (ATS) by January 1, 2017.

 

Description:

Apple has announced that beginning January 1, 2017, all new and updated iOS apps submitted to the App Store must have ATS enabled by default. RSA customers utilizing the Software Token for iOS and provisioning tokens using CT-KIP are strongly advised to prepare their entire Authentication Manager CT-KIP provisioning infrastructure from end-to-end to be ATS compliant by that deadline. Any Software Token for iOS updates (bug fixes or feature enhancements) released by RSA in 2017 will have ATS enabled by default.

The ATS feature requires network communication using Transport Layer Security (TLS) protocol version 1.2 or later with forward secrecy ciphers and certificates that are signed using a SHA-256 or later signature algorithm. RSA Authentication Manager 7.1 does not support the required TLS encryption version, and RSA recommends upgrading to the latest version of Authentication Manager. If the SSL certificate that you use to secure your CT-KIP connections does not use SHA-256 or better, then you must replace it. For instructions on replacing the RSA Authentication Manager 8.x SSL console certificate, see the RSA Authentication Manager Administrator’s Guide.

For more information on ATS, go to https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html and see the "Requirements for Connecting Using ATS" section.

 

For additional documentation, downloads, and more, visit the RSA SecurID Suite page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.

Attachments

    Outcomes