iOS® App Transport Security (ATS) enablement notification for RSA SecurID® Software Token for iOS and RSA Authentication Manager beginning January 1, 2017
RSA would like to notify customers utilizing the Software Token for iOS® and dynamic seed provisioning (CT-KIP) to prepare their entire RSA Authentication Manager CT-KIP provisioning infrastructure for iOS App Transport Security (ATS) by January 1, 2017.
Apple has announced that beginning January 1, 2017, all new and updated iOS apps submitted to the App Store must have ATS enabled by default. RSA customers utilizing the Software Token for iOS and provisioning tokens using CT-KIP are strongly advised to prepare their entire Authentication Manager CT-KIP provisioning infrastructure from end-to-end to be ATS compliant by that deadline. Any Software Token for iOS updates (bug fixes or feature enhancements) released by RSA in 2017 will have ATS enabled by default.
The ATS feature requires network communication using Transport Layer Security (TLS) protocol version 1.2 or later with forward secrecy ciphers and certificates that are signed using a SHA-256 or later signature algorithm. RSA Authentication Manager 7.1 does not support the required TLS encryption version, and RSA recommends upgrading to the latest version of Authentication Manager. If the SSL certificate that you use to secure your CT-KIP connections does not use SHA-256 or better, then you must replace it. For instructions on replacing the RSA Authentication Manager 8.x SSL console certificate, see the RSA Authentication Manager Administrator’s Guide.