NSURLSession getting intermittent SSLHandshake failed (-9810) error

Question

Download image from secure URL, behind a security wall. A URL like https://foo.com/bar.png

Sometimes I'm getting a SSLHandshake error. Sometimes the error happens once, but sometimes the error is constant and I'm unable to download the file.

DownloadImageApp[2914] <Warning>: CHALLENGE!!! (NSURLAuthenticationMethodServerTrust)
DownloadImageApp[2914] <Warning>:    server = foo.com
DownloadImageApp[2914] <Warning>: CFNetwork SSLHandshake failed (-9810)
DownloadImageApp[2914] <Warning>: CHALLENGE!!! (NSURLAuthenticationMethodServerTrust)
DownloadImageApp[2914] <Warning>:    server = foo.com
DownloadImageApp[2914] <Warning>: CHALLENGE!!! (NSURLAuthenticationMethodNTLM)
DownloadImageApp[2914] <Warning>:    NSURLAuthenticationMethodNTLM

I used the following code to handle challenges

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSLog(@"CHALLENGE!!! (%@)", challenge.protectionSpace.authenticationMethod);

    if (challenge.error)
        NSLog(@"  -- error: %@", challenge.error.description);
    if (challenge.previousFailureCount > 0)
        NSLog(@"  -- previous failure count = %d", challenge.previousFailureCount);
    if (challenge.proposedCredential)
        NSLog(@"  -- proposed credential user: %@", challenge.proposedCredential.user);

    if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        NSLog(@"   server = %@", challenge.protectionSpace.host);
        completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
    } else if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodNTLM]) {
        NSLog(@"   NSURLAuthenticationMethodNTLM");
        NSURLCredential *credential = [NSURLCredential credentialWithUser:@"username" password:@"passwordIsSecretShhh" persistence:NSURLCredentialPersistenceForSession];
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
    } else {
        NSLog(@"   ????");
    }
}

Even when it fails completely and won't load I can still pop over to Safari, type in the URL and have it load. So I'm looking for ideas which would cause this problem other than bad network issues or spotty issues with the hosting web server.

Answer 1

I finally got this issue resolved. It had nothing to do with my code.

The issues was being cause Trend SSL monitoring software which was installed in the server. Once the software was disabled, the errors instantly vanished.

It's not a great answer, but hopefully it will help someone else.