Apple has announced to developers that it will be dropping support for SSL 3.0 on its push notification service on October 29th in order to mitigate a vulnerability discovered in the software recently.

Developers who currently support both TLS and SSL 3.0 on their push servers will not be impacted by the change, but those using SSL 3.0 exclusively will need to switch to TLS before next Wednesday to ensure there is no disruption in their service. Apple has provided a way for developers to test compatibility with the updated system:

The Apple Push Notification service will be updated and changes to your servers may be required to remain compatible.

In order to protect our users against a recently discovered security issue with SSL version 3.0 the Apple Push Notification server will remove support for SSL 3.0 on Wednesday, October 29. Providers using only SSL 3.0 will need to support TLS as soon as possible to ensure the Apple Push Notification service continues to perform as expected. Providers that support both TLS and SSL 3.0 will not be affected and require no changes.

To check for compatibility, we have already disabled SSL 3.0 on the Provider Communication interface in the development environment only. Developers can immediately test in this development environment to make sure push notifications can be sent to applications.

Push servers that have not been updated to use TLS by next week will no longer be able to send push notifications.

 

About the Author

Mike Beasley's favorite gear