1 vote

Couple of questions:

  1. Do I still need to add the NSAppTransportSecurity feature to my Info.plist if my servers are already running TLS 1.2? If yes, why? Shouldn't all Apple devices running iOS 9 or >iOS 10.11 be okay with the TLS 1.2 setting?

  2. What is forward secrecy? Why do I need to enable or disable it for specific domains?

  3. What are cipher suites?


1 Answer

2 votes
  1. The minimum TLS version in your Info.plist is only needed if your server does not support at least TLS 1.2. If your server is TLS 1.2, you won't need to add an exception to your Info.plist. However, the ATS requirements are much more than just the TLS version (see the useyourloaf.com article, specifically the "Not Just HTTPS" section).

  2. Forward secrecy is a feature of your server security that ensures that if your key is compromised, any past traffic that was captured and stored couldn't be decrypted wholesale. Some servers don't support it for legitimate reasons, so Apple does allow you to add an exception in your ATS exceptions without requiring justification when you submit to the App Store.

  3. A cipher suite is a combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate the security settings (from Wikipedia). Basically it is a combination of the parts that make the server encryption work.

If you're unsure if your connections to your server will have problems with ATS, you can simply run your app on an iOS 10 device (I would do an iOS 9 device as well, as there are differences between the two for some scenarios). If the connections fail due to ATS, you will either need to make some server changes, or add exceptions to your Info.plist.

Or you could run the following command in Terminal on your Mac:

    nscurl --ats-diagnostics <url>

It will run a full suite of ATS checks on your server and report any failures. Failures will generally mean you need to add an ATS exception or address the failure on the server.

For more information about ATS troubleshooting and diagnostics, again this article is a great resource. It discusses some of the things I've said above, as well as enabling more detailed CFNETWORK_DIAGNOSTICS logging.
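The three points in the answer (minimum TLS version, forward secrecy, cipher suite) are exactly what a pre-flight check has to look at before deciding between "fix the server" and "add an Info.plist exception". The script below is an added example, not part of the answer above and not Apple's or nscurl's code. It takes the TLS version and cipher suite a server negotiated (either pasted in, or observed live with Python's ssl module), applies a simplified form of the ATS rules (TLS 1.2 or newer, ECDHE key exchange for forward secrecy, an AES cipher), and emits the NSExceptionDomains entry that would be needed, using the real ATS keys NSExceptionMinimumTLSVersion, NSExceptionRequiresForwardSecrecy and NSIncludesSubdomains. The cipher-suite test is an approximation of Apple's published list and the certificate checks ATS also performs (signature algorithm, key size) are not covered, so treat the result as a first screen and confirm with nscurl --ats-diagnostics. The hostnames in the sample data are placeholders I made up.

```python
"""ATS pre-flight check and exception generator (added example, not from the answer).

Given the TLS version and cipher suite a server negotiated, decide whether the
connection satisfies the App Transport Security rules discussed above
(TLS 1.2 or newer; forward secrecy via ECDHE key exchange; an AES cipher)
and, if not, build the NSAppTransportSecurity exception entry for Info.plist.
The cipher-suite rules are a simplification of Apple's published list and the
certificate requirements are not checked, so this is a first screen, not a
replacement for `nscurl --ats-diagnostics`.
"""
import plistlib
import socket
import ssl
import sys

# Protocol names as Python's ssl module reports them, in ascending order.
TLS_ORDER = {"TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
# Spelling ATS expects in NSExceptionMinimumTLSVersion.
PLIST_TLS_NAME = {"TLSv1": "TLSv1.0", "TLSv1.1": "TLSv1.1",
                  "TLSv1.2": "TLSv1.2", "TLSv1.3": "TLSv1.3"}
# Tokens that mark a suite ATS will never accept (approximation, see lead-in).
WEAK_MARKERS = ("NULL", "RC4", "DES", "EXPORT", "ANON", "MD5")


def normalize_suite(suite):
    """Map both IANA (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) and OpenSSL
    (ECDHE-RSA-AES128-GCM-SHA256) spellings onto one upper-case token string."""
    return suite.upper().replace("-", "_")


def assess(version, suite):
    """Compare one negotiated (version, suite) pair against the ATS rules."""
    s = normalize_suite(suite)
    # TLS 1.3 removed static key exchange, so every 1.3 suite is forward-secret.
    forward_secret = version == "TLSv1.3" or "ECDHE" in s
    cipher_ok = "AES" in s and not any(m in s for m in WEAK_MARKERS)
    version_ok = TLS_ORDER.get(version, 0) >= TLS_ORDER["TLSv1.2"]
    problems = []
    if not version_ok:
        problems.append(f"{version} is below the ATS minimum of TLSv1.2")
    if not forward_secret:
        problems.append("key exchange is not ephemeral (no forward secrecy); ATS wants ECDHE")
    if not cipher_ok:
        problems.append(f"{suite} is not an AES suite ATS accepts")
    return {
        "compliant": not problems,
        "needs_min_tls_exception": not version_ok,
        "needs_forward_secrecy_exception": not forward_secret,
        "cipher_ok": cipher_ok,
        "problems": problems,
    }


def ats_exception(domain, version, suite, include_subdomains=True):
    """Return the NSAppTransportSecurity dictionary that would let the app talk
    to `domain` as observed, or None when no exception is needed.

    A rejected cipher suite has no narrow exception key; the server has to change,
    so that case raises instead of quietly disabling ATS for the domain."""
    a = assess(version, suite)
    if a["compliant"]:
        return None
    if not a["cipher_ok"]:
        raise ValueError("; ".join(a["problems"]))
    entry = {"NSIncludesSubdomains": include_subdomains}
    if a["needs_min_tls_exception"]:
        entry["NSExceptionMinimumTLSVersion"] = PLIST_TLS_NAME[version]
    if a["needs_forward_secrecy_exception"]:
        entry["NSExceptionRequiresForwardSecrecy"] = False
    return {"NSAppTransportSecurity": {"NSExceptionDomains": {domain: entry}}}


def exception_plist_xml(domain, version, suite):
    """Serialise the exception as the XML you would merge into Info.plist."""
    d = ats_exception(domain, version, suite)
    return b"" if d is None else plistlib.dumps(d)


def probe(host, port=443, timeout=5.0):
    """Live check: open a TLS connection and report what was actually negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, _proto, _bits = tls.cipher()
            return tls.version(), name


if __name__ == "__main__":
    if len(sys.argv) > 1:
        observed = [(sys.argv[1],) + probe(sys.argv[1])]
    else:
        # Constructed sample observations; the hostnames are placeholders.
        observed = [
            ("api.example.com", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
            ("legacy.example.com", "TLSv1", "AES128-SHA"),
        ]
    for host, version, suite in observed:
        result = assess(version, suite)
        print(host, version, suite, "OK" if result["compliant"] else result["problems"])
        if not result["compliant"] and result["cipher_ok"]:
            print(exception_plist_xml(host, version, suite).decode())
```

Run it with a hostname as the only argument to probe a real server; with no argument it evaluates the two constructed samples. Note that the generated entry only relaxes what was actually observed to fail: a server that already speaks TLS 1.2 but only with static RSA key exchange gets NSExceptionRequiresForwardSecrecy set to NO and nothing else, which matches the answer's point that the forward-secrecy exception is the one Apple lets you ship without justification.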