Recently Facebook said all API requests must be made using a using SHA-2 connection after Oct 1, 2015.
So from my understanding, this simply means that the SSL certificates that Facebook uses to encrypt traffic will now be signed using SHA-2, and I need to test my app to ensure it can connect to sites using SHA-2 certificates before their new certificates are deployed on Oct 1, 2015.
Is there a way I can test my app against Facebook's servers as if SHA-2 was already deployed?
I didn't find a way to test it at Facebook itself, but I just made sure my HTTP Client could connect to a site using a SHA-2 signed certificate without error, which I could.
An easy way to do this is to use Github Pages, which has a SHA-2 signed certificate, and allows you to easily upload json or html files to test against, and can be accessed using https:// SHA-2 urls as well. More info here:
Also you can test if your site's SSL certificate is already an SHA-2 cert using the tips at this Stack Overflow question, which suggests a few sites you can use to test your sites certificate online.
For example, here's the test result for pages.github.com
Test any server-side software or apps that access Facebook services against the SHA256-only endpoint {www,graph,api}.sha256.facebook.com.
This endpoint will not be available for testing after December 31, 2015.
Example: https://apps.sha256.facebook.com/candycrush/?fb_source=search&ref=br_tf
I don't know how to test against facebook, but you can test if your client (or app) supports SHA-2 downloading this page: https://sha256rsa.comodoca.com
On mine windows XP service pack 2 the request didn't work, while in XP service pack 3 it works fine.
