Best way for verifying server compliance to Apple's ATS / TLS 1.2 requirement

Question

So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning iOS 9. Independent of the app, what\'s the best way to verify that a server meets all the requirements?

Answer 1

Using nscurl (available in macOS El Capitan and higher), you can use the --ats-tls-version switch to test specifically for TLS 1.2 compliance, e.g.:

nscurl --ats-diagnostics --ats-tls-version TLSv1.2

This will also test for Perfect Forward Secrecy. If you want to disable testing for PFS, use the --ats-disable-pfs switch.

nscurl --ats-diagnostics --ats-tls-version TLSv1.2 --ats-disable-pfs