Use modern cryptographic practices when setting up SSL and TLS services on your server

To make sure that your iOS and OS X clients can connect to your server, use Diffie-Hellman keys with a group size of 2048 bits or greater.

This article has been archived and is no longer updated by Apple.

To ensure security and privacy for your users, and interoperability with Apple products, server administrators should use a group size of 2048 bits or greater when using Diffie-Hellman key exchange.

Services that might use these types of connections include:

  • Enterprise Wi-Fi (802.1X)
  • Secure email connections
  • Secure web connections (HTTPS)
  • Secure Internet printing (IPP over TLS/SSL)

iOS 8.4 and OS X v10.10.4 provide increased security against the "Logjam" vulnerability. After updating an iPhone, iPad, iPod touch, or Mac, these devices no longer connect to servers or webpages that are set up using weaker Diffie-Hellman encryption. 

If your users can't establish a secure connection after updating, check the configuration of your server. Refer to these links for more information:

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Published Date: