Intermittent SSL Error

We are getting an intermittent SSL error on iOS. I disabled ATS, and we know that this happens in OS versions, iOS 9 also.

Domain Error = NSURLErrorDomain Code = 1011 "An SSL error has occurred and a secure connection to the server is not possible." UserInfo = {NSLocalizedDescription = An SSL error has occurred and a secure connection to the server is not possible. NSLocalizedRecoverySuggestion = Do you want to connect to the server? anyway ?, _kCFStreamErrorCodeKey = -9806 NSErrorFailingURLStringKey =, _kCFStreamErrorDomainKey = 3, NSUnderlyingError = 0x1471b600

From our Crittercism logs, it seems some users can replicate this, but we could not.

Would you like to connect to the server anyway? <- this makes me suspect that there was authentication. How can I check this?

kCFStreamErrorCodeKey=-9806 - Does anyone know what this error means?

Edit:

-9806 means errSSLClosedAbort http://www.opensource.apple.com/source/Security/Security-55179.13/libsecurity_ssl/Security/SecureTransport.h

What can cause this? I don't think this is due to a spotty network, because from our snooping tools, SSL connections to other hosts look fine. And when the user encounters this problem, he is re-processed. I think we need to check the failure using Wireshark in order to get more information, but we could not reproduce it. Does anyone have ideas for logging additional information from applications in the wild to debug this?

+6
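On the question's last point, logging more from apps in the field: the sketch below is an added example, not code from any of the posts. It flattens an `NSError` and its `NSUnderlyingError` chain into fields a crash reporter can attach. The names `tlsDiagnostics`, `secureTransportNames` and `streamErrorDomainSSL` are hypothetical, and the sample error is constructed from the stream keys shown in the question.

```swift
import Foundation

// Subset of the result codes in SecureTransport.h (the header linked in the question).
let secureTransportNames: [Int: String] = [
    -9800: "errSSLProtocol", -9801: "errSSLNegotiation",
    -9802: "errSSLFatalAlert", -9805: "errSSLClosedGraceful",
    -9806: "errSSLClosedAbort", -9807: "errSSLXCertChainInvalid",
    -9808: "errSSLBadCert", -9812: "errSSLUnknownRootCert",
    -9813: "errSSLNoRootCert", -9814: "errSSLCertExpired",
]
let streamErrorDomainSSL = 3  // value of kCFStreamErrorDomainSSL

/// Returns one record per error in the chain, outermost first.
func tlsDiagnostics(for error: NSError) -> [[String: String]] {
    var records: [[String: String]] = []
    var current: NSError? = error
    var depth = 0
    while let err = current, depth < 5 {  // depth cap guards against cyclic chains
        var rec: [String: String] = [
            "depth": String(depth), "domain": err.domain, "code": String(err.code),
        ]
        // Log the host only: paths and query strings may carry user data.
        if let urlString = err.userInfo[NSURLErrorFailingURLStringErrorKey] as? String,
           let host = URL(string: urlString)?.host {
            rec["host"] = host
        }
        if let streamDomain = err.userInfo["_kCFStreamErrorDomainKey"] as? Int,
           let streamCode = err.userInfo["_kCFStreamErrorCodeKey"] as? Int {
            rec["streamDomain"] = String(streamDomain)
            rec["streamCode"] = String(streamCode)
            if streamDomain == streamErrorDomainSSL {
                rec["sslStatus"] = secureTransportNames[streamCode] ?? "unlisted"
            }
        }
        records.append(rec)
        current = err.userInfo[NSUnderlyingErrorKey] as? NSError
        depth += 1
    }
    return records
}

// Constructed sample carrying the stream keys from the question's error.
let sample = NSError(domain: NSURLErrorDomain, code: NSURLErrorSecureConnectionFailed,
    userInfo: [NSURLErrorFailingURLStringErrorKey: "https://api.example.com/v1/items?id=1",
               "_kCFStreamErrorDomainKey": 3, "_kCFStreamErrorCodeKey": -9806])
print(tlsDiagnostics(for: sample))
```

Recording the host and the named status alongside a timestamp and network type makes it possible to correlate field failures with server-side logs when the problem cannot be reproduced locally.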
2 answers

The SSL server certificate does not perform built-in certificate verification. It is up to you how to handle this and submit the correct fix for the user. This can happen for many reasons.

SSL trust assessment is described in detail in Technical Note 2232: SSL Trust Assessment.

+1

I had similar errors in several scenarios:

  • The server was accessed via https://www.domainname.com instead of https://domainname.com (pay attention to "www."), and in this case, because I signed this certificate, it made it invalid. (Later I learned how to make a certificate valid for both addresses and use virtualHost and htaccess to always click on www.jeremiedaigle.com).
  • I had a load server that was not configured correctly. One of the servers had a certificate, the other did not.
  • Finally, I also ran into this problem when debugging and trying to use a self-signed certificate, because I used the intermediary proxy (CharlesProxy) to debug my requests. Middleman certificate, in which case the device should have trusted it. You can do this by sending a certificate by email and opening it on the device.
0