I am getting following error with self signed certificate <blockquote> Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made. </blockquote> while testing web-services for one of my demo app with <ul> <li>iOS 9.3</li> <li>XCode 7.3</li> <li>Swift 2.2</li> <li>Alamofire 3.3.0</li> <li>and Local server : https://filename.hostname.net </li> </ul> Note: before assuming its Duplicate, I would request please read it all the way,even same i have reported to apple dev forums Using Alamofire Library <hr> <pre class="prettyprint"><code>func testAlamofireGETRequest() -> Void { Alamofire.request(.GET, "https://filename.hostname.net/HelloWeb/service/greeting/john") .responseJSON { response in print("Response JSON: \(response.result.value)") } } </code></pre> <hr> Using NSURLSession <hr> <pre class="prettyprint"><code>func testNSURLSessionRequest() -> Void { let session = NSURLSession.sharedSession() let urlString = "https://filename.hostname.net/HelloWeb/service/greeting/john" let url = NSURL(string: urlString) let request = NSURLRequest(URL: url!) let dataTask = session.dataTaskWithRequest(request) { (data:NSData?, response:NSURLResponse?, error:NSError?) -> Void in print("done, error: \(error)") //Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made. } dataTask.resume() } </code></pre> <hr> <blockquote> I spent 2 days with no luck :( there are bunch of questions already posted but nothing worked for me </blockquote> <ul> <li>Transport Security has Blocked a cleartext HTTP</li> <li>iOS9 getting error “an ssl error has occurred and a secure connection to the server cannot be made”</li> <li>How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]</li> <li>CFNetwork SSLHandshake failed iOS 9</li> <li>How to handle “CFNetwork SSLHandshake failed” in iOS</li> <li>Making HTTPS request in iOS 9 with self-signed certificate</li> <li>ios9 self signed certificate and app transport security</li> </ul> posted Alamofire git issue <ul> <li> 'CFNetwork SSLHandshake failed (-9847)' error when performing a non-SSL request #538 </li> <li> Self-Signed Certificate not accepted #876 </li> <li> how can I connecting my server as HTTPS with using self-signed Certificate file #977 </li> </ul> <hr> My Info.pist file is updated for ATS settings this way <pre class="prettyprint"><code><key>NSAppTransportSecurity</key> <dict> <key>NSExceptionDomains</key> <dict> <key>filename.hostname.net</key> <dict> <key>NSExceptionRequiresForwardSecrecy</key> <false/> <key>NSExceptionAllowsInsecureHTTPLoads</key> <true/> <key>NSIncludesSubdomains</key> <true/> <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key> <true/> </dict> </dict> </dict> </code></pre> <hr> Meanwhile I am able to get response for http://filename.hostname.net and https://google.com but not for https://filename.hostname.net Can anyone please suggest me why I am not able to get this working after huge efforts?

Apple has released the full requirements list for the App Transport Security. Turned out that we were working with TLS v1.2 but were missing some of the other requirements. Here's the full check list: <ul> <li>TLS requires at least version 1.2.</li> <li>Connection ciphers are limited to those that provide forward secrecy (see below for the list of ciphers.)</li> <li>The service requires a certificate using at least a SHA256 fingerprint with either a 2048 bit or greater RSA key, or a 256bit or greater Elliptic-Curve (ECC) key.</li> <li>Invalid certificates result in a hard failure and no connection.</li> <li>The accepted ciphers are: <code> TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA </code> </li> </ul>

iOS 9.3 : An SSL error has occurred and a secure connection to the server cannot be made

Tags:

I am getting following error with self signed certificate

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made.

while testing web-services for one of my demo app with

iOS 9.3
XCode 7.3
Swift 2.2
Alamofire 3.3.0
and Local server : https://filename.hostname.net

Note: before assuming its Duplicate, I would request please read it all the way,even same i have reported to apple dev forums

Using Alamofire Library

func testAlamofireGETRequest() -> Void     {         Alamofire.request(.GET, "https://filename.hostname.net/HelloWeb/service/greeting/john")             .responseJSON         { response in             print("Response JSON: \(response.result.value)")         } }

Using NSURLSession

func testNSURLSessionRequest() -> Void {          let session = NSURLSession.sharedSession()         let urlString = "https://filename.hostname.net/HelloWeb/service/greeting/john"         let url = NSURL(string: urlString)         let request = NSURLRequest(URL: url!)         let dataTask = session.dataTaskWithRequest(request) { (data:NSData?, response:NSURLResponse?, error:NSError?) -> Void in             print("done, error: \(error)")              //Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made.         }         dataTask.resume()     }

I spent 2 days with no luck :(

there are bunch of questions already posted but nothing worked for me

Transport Security has Blocked a cleartext HTTP
iOS9 getting error “an ssl error has occurred and a secure connection to the server cannot be made”
How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]
CFNetwork SSLHandshake failed iOS 9
How to handle “CFNetwork SSLHandshake failed” in iOS
Making HTTPS request in iOS 9 with self-signed certificate
ios9 self signed certificate and app transport security

posted Alamofire git issue

'CFNetwork SSLHandshake failed (-9847)' error when performing a non-SSL request #538
Self-Signed Certificate not accepted #876
how can I connecting my server as HTTPS with using self-signed Certificate file #977

My Info.pist file is updated for ATS settings this way

<key>NSAppTransportSecurity</key>     <dict>         <key>NSExceptionDomains</key>         <dict>             <key>filename.hostname.net</key>             <dict>                 <key>NSExceptionRequiresForwardSecrecy</key>                 <false/>                 <key>NSExceptionAllowsInsecureHTTPLoads</key>                 <true/>                 <key>NSIncludesSubdomains</key>                 <true/>                 <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>                 <true/>             </dict>         </dict>     </dict>

Meanwhile I am able to get response for

http://filename.hostname.net

and https://google.com

but not for https://filename.hostname.net

Can anyone please suggest me why I am not able to get this working after huge efforts?

552

asked Mar 31 '16 11:03

swiftBoy

2 Answers

At the command-line in OS X, run the following:

nscurl --ats-diagnostics https://filename.hostname.net --verbose

This will tell you what combinations of ATS settings will and will not permit iOS to access your site, and should point you towards what is wrong with your site.

It could be one or more of the following

Certificate hash algorithm (must be SHA-256 or above)
TLS version (must be 1.2)
TLS algorithms (must provide Perfect Forward Secrecy)

151

answered Oct 02 '22 22:10

yaakov

Apple has released the full requirements list for the App Transport Security.

Turned out that we were working with TLS v1.2 but were missing some of the other requirements.

Here's the full check list:

TLS requires at least version 1.2.
Connection ciphers are limited to those that provide forward secrecy (see below for the list of ciphers.)
The service requires a certificate using at least a SHA256 fingerprint with either a 2048 bit or greater RSA key, or a 256bit or greater Elliptic-Curve (ECC) key.
Invalid certificates result in a hard failure and no connection.
The accepted ciphers are: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

answered Oct 02 '22 21:10

TechnicalTophat

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

iOS 9.3 : An SSL error has occurred and a secure connection to the server cannot be made

Tags:

swiftBoy

People also ask

2 Answers

yaakov

TechnicalTophat

Recent Activity

Donate For Us

iOS 9.3 : An SSL error has occurred and a secure connection to the server cannot be made

Tags:

swiftBoy

People also ask

2 Answers

yaakov

TechnicalTophat

Related questions

Recent Activity

Donate For Us