Best way for verifying server compliance to Apple's ATS / TLS 1.2 requirement

Question

So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning iOS 9. Independent of the app, what\'s the best way to verify that a server meets all the requirements?

Answer 1

Basically nscurl --ats-diagnostics just tries all possible variants of connection to server and responses with PASS/FAIL results for each test. You should just find which tests pass for your server and set ATS configuration accordingly.

Here's a good article on ATS and checking server compliance, it also contains an nscurl example.