Apple introduced Apple Transport Security (ATS) in 2016 with iOS 9, and over the years ATS has been enforced across various areas of the stack. Currently, iOS apps have to abide by the ATS rules and will fail to connect if the end server does not meet ATS requirements.
At present, the MDM client built into iOS is exempt from ATS; however, this will change in 2018.
You must make sure that your MDM server meets the following TLS requirements:
- TLS 1.2 is supported
- The following TLS ciphers are available:
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- Certificate key is either RSA 2048-bit or ECC 256-bit
- Certificate is correctly chained and the root is trusted by the iOS device
- Certificate hashing algorithm is SHA256 or greater
You can test the above by running an SSL server test with SSL Server Test (powered by Qualys SSL Labs).
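The same requirements can be checked from an admin workstation. The Python sketch below is an added example, not code from Apple or from the original article: it offers only TLS 1.2 with the ciphers listed above, so a successful handshake means the server accepts at least one of them, and it checks certificate key and hash values you supply. Assumptions: `mdm.example.com` is a placeholder host, the key sizes are treated as minimums, and the chain is validated against the local trust store rather than an iOS device's.

```python
import socket
import ssl

# Cipher suites copied from the requirement list above (IANA names).
ATS_CIPHERS = """
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
""".split()

def to_openssl_name(iana):
    """Translate an IANA suite name to the OpenSSL name Python's ssl module expects."""
    name = iana.replace("TLS_", "", 1).replace("_WITH_", "_")
    return name.replace("_CBC", "").replace("AES_", "AES").replace("_", "-")

def ats_context():
    """Client context that only offers TLS 1.2 with the suites listed above."""
    ctx = ssl.create_default_context()  # verifies chain and hostname (local trust store)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(":".join(to_openssl_name(c) for c in ATS_CIPHERS))
    return ctx

def check_certificate(key_type, key_bits, sig_hash):
    """Return the certificate requirements from the list that are violated."""
    problems = []
    minimum = {"RSA": 2048, "ECC": 256}.get(key_type)  # assumption: sizes are minimums
    if minimum is None or key_bits < minimum:
        problems.append(f"key {key_type} {key_bits} bit is below RSA 2048 / ECC 256")
    if sig_hash.upper() not in {"SHA256", "SHA384", "SHA512"}:
        problems.append(f"signature hash {sig_hash} is weaker than SHA256")
    return problems

def probe(host, port=443, timeout=5):
    """Handshake with the restricted context; returns (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ats_context().wrap_socket(raw, server_hostname=host) as tls:
                return True, f"{tls.version()} {tls.cipher()[0]}"
    except (ssl.SSLError, OSError) as exc:  # includes certificate verification failures
        return False, str(exc)

if __name__ == "__main__":
    print(probe("mdm.example.com"))                 # placeholder host name
    print(check_certificate("RSA", 1024, "SHA1"))   # constructed sample values
```

A failed `probe` does not say which requirement was missed; the exception text and the SSL Labs report narrow that down.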
Official Apple Articles: