Apple's Crypto Transition Report

- Reports say Apple plans a 'modern encryption' rollout beginning in autumn 2026 across iOS 27 and macOS 27.
- The change would require enterprises and servers to update cryptographic support and TLS stacks to remain compatible.
- If accurate, the transition could force substantial backend migration work across certificates, proxies, and long-tail clients. (it-boltwise.de)

Apple has told IT administrators to start auditing servers now because upcoming Apple operating systems may reject outdated Transport Layer Security, the web encryption used to protect device-to-server traffic. (support.apple.com) In a support document published April 21, Apple said “starting as early as the next major software release,” iOS, iPadOS, macOS, watchOS, tvOS, and visionOS might refuse connections to servers with non-compliant Transport Layer Security, or TLS, settings. The notice is aimed at IT administrators and device management service developers, not consumers. (support.apple.com)

Apple’s document says affected connections include mobile device management, declarative device management, automated device enrollment, configuration profile installation, app installation including enterprise distribution, and software updates. It says servers must support TLS 1.2 or later, use App Transport Security-compliant cipher suites, and present valid certificates that meet App Transport Security standards. (support.apple.com)

TLS is the lock on an HTTPS connection: it verifies the server and encrypts the session so a phone, Mac, or management system can exchange data safely. Apple’s existing platform security guidance already says App Transport Security expects TLS 1.2, forward secrecy, SHA-256-or-stronger signatures, and at least 2048-bit RSA or 256-bit elliptic-curve keys. (support.apple.com)

The immediate issue is not a new rule for every app on the App Store, but a tighter baseline for “system processes,” the Apple-managed parts of the operating system that handle enrollment, updates, and enterprise setup. Apple warned that remediation could take “significant time,” especially when outside vendors run the servers or security appliances in the path. (support.apple.com)

Apple has been tightening this area for years. Its security guide says SSL 3 is already blocked in key frameworks, SHA-1 certificates are no longer allowed for TLS on modern Apple systems unless a user explicitly trusts them, and short RSA keys are disallowed. (support.apple.com) Certificate policy has also moved in the same direction. Apple said in a separate support note that TLS server certificates issued on or after September 1, 2020, from system-trusted roots cannot be valid for more than 398 days, and connections to servers that violate that rule can fail. (support.apple.com)

The company is also adding newer cryptography before this next enforcement step. Apple says iOS 26, iPadOS 26, macOS Tahoe 26, and visionOS 26 already advertise hybrid quantum-secure key exchange in TLS 1.3 by default, while still falling back to other supported groups when servers are configured correctly. (support.apple.com) That matters for companies with older load balancers, proxies, inspection boxes, certificate chains, or vendor-managed endpoints that still pass traffic but do not meet Apple’s current handshake rules.

Apple’s testing instructions tell administrators to use devices on iOS 26.4, iPadOS 26.4, macOS 26.4, watchOS 26.4, tvOS 26.4, or visionOS 26.4 and install a diagnostics profile before running audits. (support.apple.com) Apple has not yet publicly unveiled iOS 27 or macOS 27; WWDC 2026 starts June 8, and Apple’s support note says the stricter checks could begin with the next major release later this year. For network teams, that turns an Apple security update into a server migration deadline. (developer.apple.com)
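The audit Apple is asking administrators to run comes down to a handful of checks per server: protocol version, cipher suite with forward secrecy, certificate key size, signature hash, and certificate lifetime. The script below is an added example written for this briefing, not Apple's diagnostics profile or any Apple tool. It encodes the thresholds quoted above (TLS 1.2, 2048-bit RSA or 256-bit EC, SHA-256 or stronger, 398-day certificates issued on or after September 1, 2020) as a checker over a hypothetical `TlsObservation` record, and includes a stdlib-only `probe()` that fills in what Python's `ssl` module can observe. Two things are assumptions rather than page facts: the interpretation of "ATS-compliant cipher suite" as an ECDHE AES suite on TLS 1.2 (TLS 1.3 suites are all ephemeral), and the sample observations, which are constructed and do not describe any real server.

```python
"""Hypothetical ATS-style TLS baseline checker (added example, not Apple's tool)."""
import socket
import ssl
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

UTC = timezone.utc
MAX_CERT_DAYS = 398                                  # Apple's cap for certs issued on/after 2020-09-01
CERT_LIFETIME_RULE_START = datetime(2020, 9, 1, tzinfo=UTC)
MIN_RSA_BITS, MIN_EC_BITS = 2048, 256                # key-size floors from Apple's ATS guidance
WEAK_SIG_PREFIXES = ("sha1", "md5")                  # anything weaker than SHA-256 fails


@dataclass
class TlsObservation:
    """What one handshake against one server showed. Hypothetical record type."""
    protocol: str                                    # e.g. "TLSv1.2", "TLSv1.3"
    cipher: str                                      # OpenSSL or IANA suite name
    not_before: datetime
    not_after: datetime
    key_type: Optional[str] = None                   # "RSA" or "EC"; None if not collected
    key_bits: Optional[int] = None
    sig_alg: Optional[str] = None                    # e.g. "sha256WithRSAEncryption"


def forward_secret(protocol: str, cipher: str) -> bool:
    # Every TLS 1.3 suite uses an ephemeral (EC)DHE exchange. For TLS 1.2 the
    # forward-secrecy requirement is read here (assumption) as an ECDHE AES suite.
    if protocol == "TLSv1.3":
        return True
    name = cipher.upper()
    return name.startswith(("ECDHE", "TLS_ECDHE")) and "AES" in name


def audit(obs: TlsObservation) -> list[str]:
    """Return findings against the baseline; an empty list means the server passes."""
    findings = []
    if obs.protocol not in ("TLSv1.2", "TLSv1.3"):
        findings.append(f"protocol {obs.protocol} is below TLS 1.2")
    if not forward_secret(obs.protocol, obs.cipher):
        findings.append(f"cipher {obs.cipher} is not an ECDHE AES suite (no forward secrecy)")
    lifetime = (obs.not_after - obs.not_before).days
    if obs.not_before >= CERT_LIFETIME_RULE_START and lifetime > MAX_CERT_DAYS:
        findings.append(f"certificate valid for {lifetime} days, limit is {MAX_CERT_DAYS}")
    if obs.key_type is None or obs.key_bits is None:
        findings.append("key size not collected; check with 'openssl x509 -text'")
    elif obs.key_type == "RSA" and obs.key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {obs.key_bits} bits, minimum is {MIN_RSA_BITS}")
    elif obs.key_type == "EC" and obs.key_bits < MIN_EC_BITS:
        findings.append(f"EC key is {obs.key_bits} bits, minimum is {MIN_EC_BITS}")
    if obs.sig_alg is None:
        findings.append("signature algorithm not collected; check with 'openssl x509 -text'")
    elif obs.sig_alg.lower().startswith(WEAK_SIG_PREFIXES):
        findings.append(f"certificate signed with {obs.sig_alg}; SHA-256 or stronger required")
    return findings


def probe(host: str, port: int = 443, timeout: float = 5.0) -> TlsObservation:
    """Collect protocol, cipher and certificate dates with the stdlib ssl module.

    ssl does not expose key size or signature algorithm, so those stay None and
    audit() reports them as uncollected. A handshake failure here (the default
    context refuses TLS 1.0/1.1) is itself a finding worth recording.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            def to_dt(s: str) -> datetime:
                return datetime.fromtimestamp(ssl.cert_time_to_seconds(s), tz=UTC)
            return TlsObservation(tls.version(), tls.cipher()[0],
                                  to_dt(cert["notBefore"]), to_dt(cert["notAfter"]))


# Constructed sample observations (hypothetical; not real servers).
LEGACY_APPLIANCE = TlsObservation("TLSv1", "AES256-SHA",
                                  datetime(2024, 1, 1, tzinfo=UTC), datetime(2026, 12, 31, tzinfo=UTC),
                                  "RSA", 1024, "sha1WithRSAEncryption")
MODERN_SERVER = TlsObservation("TLSv1.3", "TLS_AES_256_GCM_SHA384",
                               datetime(2025, 3, 1, tzinfo=UTC), datetime(2026, 3, 1, tzinfo=UTC),
                               "EC", 256, "ecdsa-with-SHA256")

if __name__ == "__main__":
    for name, obs in (("legacy appliance", LEGACY_APPLIANCE), ("modern server", MODERN_SERVER)):
        print(name, "->", audit(obs) or ["PASS"])
```

For a live server, `audit(probe("mdm.example.internal"))` gives the protocol, cipher and lifetime verdicts immediately and flags key size and signature hash as still to be collected, which keeps the checker honest about what the stdlib can and cannot see.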
