Best IT Recipes

IOS9 PayPal SDK - "An SSL Error Has Occurred ..."

I get the same error as the message in this question iOS9 get error "an ssl error occurred and a secure connection to the server cannot be made

I checked using SSL Labs using the PayPal URL https://mobileclient.paypal.com and it tells me that it only supports the following ciphers ...

TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA

Which do not exactly match the ciphers listed in the Apple documentation https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/

I wanted to ask, is it true that ciphers are not quite the same? Of course, I don’t want to get around ATS, as far as PayPal is concerned, right?

+2
ios ssl paypal
Sep 30 '15 at 14:52
source share
2 answers

I read the documentation I have to do before asking a question! But in order to allow the ciphers listed, I need to disable NSExceptionRequireForwardSecrecy for this URL, from the docs ...

NSExceptionRequiresForwardSecrecy Boolean to override the requirement that a domain maintain direct secrecy using ciphers.

YES is the default and restricts ciphers to those shown in Behavior by default.

Setting the value to NO adds the following list of accepted ciphers:

  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
+3
Sep 30 '15 at 14:56
source share

As Flexicoder you need to disable NSExceptionRequiresForwardSecrecy .
Add this to your Info.plist

 <key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>yourDomain.com</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> </dict> </dict> </dict>
0
Oct 14 '15 at 12:52
source share


More articles:


All Articles