ios cordova ssl-certificate xcode7.2

SSL certificate Error with App Transport Security


I have created a hybrid mobile app with the support of Cordova.

In this project I am trying to access an HTTPS server, which has an SSL certificate for security.

On emulating the app I am getting the following two errors in Xcode 7.2.

CFNetwork SSLHandshake failed (-9824)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

I tried the following keys in Info.plist; they are not working.

[Image: screenshot of the Info.plist keys]

How can I access HTTPS from a hybrid mobile app using Cordova?

I ran nscurl --ats-diagnostics --verbose https://XXX.XXXX.XXX and got the following result:

Starting ATS Diagnostics

Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://xxxxxx.xxxxxx.xxx.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================

Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
2017-03-20 19:27:19.190 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.191 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf341b6f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
ATS Dictionary:
{
    NSAllowsArbitraryLoads = true;
}
Result : PASS
---

================================================================================

Configuring TLS exceptions for xxxxxx.xxxxxx.xxx

---
TLSv1.2
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.2";
        };
    };
}
2017-03-20 19:27:19.612 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.612 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf360c3c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

---
TLSv1.1
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
        };
    };
}
2017-03-20 19:27:19.669 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.669 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3727cf0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

---
TLSv1.0
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.0";
        };
    };
}
2017-03-20 19:27:19.725 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.726 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf371abe0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

================================================================================

Configuring PFS exceptions for xxxxxx.xxxxxx.xxx

---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
2017-03-20 19:27:19.784 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.785 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf354f3d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

================================================================================

Configuring PFS exceptions and allowing insecure HTTP for xxxxxx.xxxxxx.xxx

---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
2017-03-20 19:27:19.843 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.908 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.962 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.962 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3488c30 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

================================================================================

Configuring TLS exceptions with PFS disabled for xxxxxx.xxxxxx.xxx

---
TLSv1.2 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.2";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
2017-03-20 19:27:20.020 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.021 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3534c00 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

---
TLSv1.1 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

---
TLSv1.0 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

================================================================================

Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for xxxxxx.xxxxxx.xxx

---
TLSv1.2 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.2";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
2017-03-20 19:27:20.358 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.416 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.471 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.471 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3530fd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxx.xxxxxx.xxx/, NSErrorFailingURLStringKey=https://xxxxxx.xxxxxx.xxx/, _kCFStreamErrorDomainKey=3}
---

---
TLSv1.1 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

---
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "xxxxxx.xxxxxx.xxx" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
---

================================================================================

Solution

  • Adding the following key to Info.plist as well resolved the issue.

    <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
    <false/>
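Added example, not part of the original post: in the diagnostics above, every per-domain run that passes has both a lowered minimum TLS version and forward secrecy disabled. This sketch reads an nscurl --ats-diagnostics report, picks the narrowest passing per-domain exception (ignoring the global NSAllowsArbitraryLoads run) and renders it as an Info.plist entry. The sample report, the host api.example.test and the cost weights are constructed for illustration.

```python
import plistlib
import re

# Constructed, condensed nscurl --ats-diagnostics report (placeholder host).
SAMPLE = """\
Allow All Loads
ATS Dictionary:
{
    NSAllowsArbitraryLoads = true;
}
Result : PASS
TLSv1.1 with PFS disabled
ATS Dictionary:
{
    NSExceptionDomains =     {
        "api.example.test" =         {
            NSExceptionMinimumTLSVersion = "TLSv1.1";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
    NSExceptionDomains =     {
        "api.example.test" =         {
            NSExceptionAllowsInsecureHTTPLoads = true;
            NSExceptionMinimumTLSVersion = "TLSv1.0";
            NSExceptionRequiresForwardSecrecy = false;
        };
    };
}
Result : PASS
"""

def cost(s):  # weights are this example's own ranking of how far a key weakens ATS
    tls = {"TLSv1.1": 2, "TLSv1.0": 3}.get(s.get("NSExceptionMinimumTLSVersion"), 0)
    return (10 * (s.get("NSExceptionAllowsInsecureHTTPLoads") == "true")
            + tls + (s.get("NSExceptionRequiresForwardSecrecy") == "false"))

def least_permissive_pass(report):
    """Settings of the narrowest passing per-domain ATS dictionary, or None."""
    runs = re.findall(r"ATS Dictionary:\s*\{(.*?)^\}.*?^Result : (\w+)", report, re.S | re.M)
    dicts = [dict(re.findall(r'(NS\w+) = "?([\w.]+)"?;', b)) for b, r in runs if r == "PASS"]
    return min((d for d in dicts if "NSAllowsArbitraryLoads" not in d), key=cost, default=None)

def info_plist_fragment(host, settings):
    typed = {k: {"true": True, "false": False}.get(v, v) for k, v in settings.items()}
    return plistlib.dumps({"NSAppTransportSecurity": {"NSExceptionDomains": {host: typed}}}).decode()
```

Run against the full report in the question, the same ranking selects the "TLSv1.1 with PFS disabled" dictionary. Such an exception is a stopgap for a server that does not yet offer TLS 1.2 with forward-secret cipher suites.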