maximo-anywhere

Can't login on iOS when worklight.server.url set to HTTPS


When building iOS Anywhere applications, if I set the worklight.server.url to an https address (doesn't matter which, just that it's an https address), the application will then not be able to connect to the server when installed on the device, or to any server even if changed in the settings. When trying to log in, it brings up the loading message and then just fails with no error.

If I build the application pointed at an http address and then change it in the settings to the https it works fine. So it seems to be something specific to the built app.

Android and simulator both work fine.


Solution

  • The issue was caused by ATS settings. The server was failing when Forward Secrecy was in use. I tested this using nscurl, receiving the following results:

    TLSv1.2
    ATS Dictionary:
    {
        NSExceptionDomains =     {
            "*customer-details*.com" =         {
                NSExceptionMinimumTLSVersion = "TLSv1.2";
            };
        };
    }
    2018-03-12 12:40:12.277 nscurl[21636:8171556] CFNetwork SSLHandshake failed (-9824)
    2018-03-12 12:40:12.278 nscurl[21636:8171556] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
    Result : FAIL
    Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fe06b62a410 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://*customer-details*.com/, NSErrorFailingURLStringKey=https://*customer-details*.com/, _kCFStreamErrorDomainKey=3}
    

    I updated the info.plist file in the iphone native folder to match the below settings:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <false/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>*customer-details*.com</key>
            <dict>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>
    

    The important setting in my case was NSExceptionRequiresForwardSecrecy being set to false.

    I originally overlooked this as NSAllowsArbitraryLoads was set to true but this doesn't seem to have an effect.