Best way for verifying server compliance to Apple's ATS / TLS 1.2 requirement

Question

So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning iOS 9. Independent of the app, what\'s the best way to verify that a server meets all the requirements?

Answer 1

All the methods listed here work, but require some manual labor. The best method I found was testing the server with SSL Labs and comparing the results to Apple's requirements. This seemed like something that could be automated so I created a tool that does just that: https://apptransport.info

If you pass your domain in as a parameter (e.g. https://apptransport.info/craigslist.com) you'll get the following information:

1. Whether or not your server is ATS compliant
2. How to fix your server if necessary
3. How to add ATS exceptions if necessary
4. The results From SSL Labs