iOS 9 ATS SSL Error with Supporting Server

I installed Xcode 7 and tried to run my application under iOS 9. I get a notorious error:

    Connection failed! Error - -1200 An SSL error has occurred and a secure connection to the server cannot be made.

The fact is that my server supports TLSv1.2, and I use NSURLSession.

What could be the problem?

+18
ios objective-c ssl ios9 nsurlsession
Jul 05 '15 at 15:02
4 answers

Apple has released a complete list of requirements for App Transport Security.

It turned out that we are working with TLS v1.2, but missed some other requirements.

Here is the full list of checks:

  • TLS must be at least version 1.2.
  • Connection ciphers are limited to those that provide forward secrecy (see the list of ciphers below).
  • The service requires a certificate using at least a SHA256 fingerprint with either an RSA key of 2048 bits or more, or an elliptic-curve (ECC) key of 256 bits or more.
  • Invalid certificates result in a hard failure and no connection.

Accepted Ciphers:

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+31
Jul 06 '15 at 12:00

In iOS 9, Apple added a new feature called App Transport Security (ATS).

ATS applies best practices during network calls, including the use of HTTPS.

Apple pre-release documentation:

ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you are creating a new application or updating an existing one.

If you are developing a new application, you should use exclusively HTTPS. If you have an existing application, you should use HTTPS as much as you can right now, and create a migration plan for the rest of your application as soon as possible.

Add the key below to your Info.plist and then take a look.

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

You can even add a specific exception:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>testdomain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <false/>
                <!-- Documented key name is ...AllowsInsecureHTTPLoads; a misspelled key is ignored -->
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <false/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <!-- Same three settings for domains you do not control -->
                <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <false/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
            </dict>
            ...
        </dict>
    </dict>
+11
Jul 06 '15 at 4:34

Check this document provided by Apple.

I had a similar run-time problem on iOS 9, and what I did to fix it was add the NSAppTransportSecurity dictionary to my Info.plist file with the NSAllowsArbitraryLoads Bool set to true; after cleaning and rebuilding, it worked.

Hope this helps!

+5
Jul 05 '15 at 16:20
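
An added example (not from the answers above or from Apple): a Python check that reads an Info.plist and lists every setting that relaxes the ATS defaults, covering both the global NSAllowsArbitraryLoads switch and the per-domain exception keys. The sample plist is constructed for illustration, and the key names are assumed to be the documented ATS ones.

```python
import plistlib

# Constructed Info.plist for illustration (not from a real app): the blanket
# opt-out plus one per-domain exception that weakens the ATS defaults.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>testdomain.com</key>
      <dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSExceptionRequiresForwardSecrecy</key><false/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
      </dict>
    </dict>
  </dict>
</dict></plist>"""

WEAK_TLS = {"TLSv1.0", "TLSv1.1"}  # anything below the ATS minimum of TLS 1.2


def audit_ats(plist_bytes):
    """Return one finding per setting that relaxes the ATS defaults."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("global: NSAllowsArbitraryLoads turns ATS off for all hosts")
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" and subdomains" if exc.get("NSIncludesSubdomains") else "")
        # The same three settings exist with a first-party and a third-party prefix.
        for prefix in ("NSException", "NSThirdPartyException"):
            if exc.get(prefix + "AllowsInsecureHTTPLoads") is True:
                findings.append(f"{scope}: {prefix}AllowsInsecureHTTPLoads permits plain HTTP")
            if exc.get(prefix + "RequiresForwardSecrecy") is False:
                findings.append(f"{scope}: {prefix}RequiresForwardSecrecy is off")
            if exc.get(prefix + "MinimumTLSVersion") in WEAK_TLS:
                findings.append(f"{scope}: {prefix}MinimumTLSVersion is below TLSv1.2")
    return findings


if __name__ == "__main__":
    for line in audit_ats(SAMPLE):
        print(line)
```

An exception dictionary that keeps forward secrecy on and the minimum at TLSv1.2 produces no findings.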

For me, the proxy server was blocking it. Try using the Internet from another source (Wi-Fi, LAN, etc.) to solve the problem.

+2
Jan 14 '16 at 11:02


