Recently I started getting inconsistent BoringSSL issues that is causing my cordova/ionic app to hang. It happens about 1 out of every 4 or 5 times I launch the app from Xcode to a physically attached test iPhone 6. The test phone uses WiFi only (no carrier network). Having a devil of a time find any solid solutions or what the root of the problem is.
Some indicate its DNS, others say its related to Firebase...I have tried a few of the fixes those threads have mentioned but none are working for me.
[BoringSSL] nw_protocol_boringssl_input_finished(1543) [C3.1:2][0x12fd335c0] Peer disconnected during the middle of a handshake. Sending errSSLClosedNoNotify(-9816) alert
TIC TCP Conn Failed [3:0x2805712c0]: 3:-9816 Err(-9816)
[BoringSSL] nw_protocol_boringssl_input_finished(1543) [C5.1:2][0x12fe46470] Peer disconnected during the middle of a handshake. Sending errSSLClosedNoNotify(-9816) alert
TIC TCP Conn Failed [5:0x280575f80]: 3:-9816 Err(-9816)
[BoringSSL] boringssl_context_alert_callback_handler(3724) [C6.1:2][0x12fd43710] Alert level: fatal, description: inappropriate fallback
[BoringSSL] boringssl_session_errorlog(224) [C6.1:2][0x12fd43710] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library
[BoringSSL] boringssl_session_handshake_error_print(205) [C6.1:2][0x12fd43710] 5097281768:error:1000043e:SSL routines:OPENSSL_internal:TLSV1_ALERT_INAPPROPRIATE_FALLBACK:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/tls_record.cc:586:SSL alert number 86
[BoringSSL] boringssl_context_get_error_code(3617) [C6.1:2][0x12fd43710] SSL_AD_INAPPROPRIATE_FALLBACK
TIC TCP Conn Failed [6:0x280576640]: 3:-9860 Err(-9860)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9860)
Task <02ADA890-35C5-4DE7-B0E5-6EC812CF79E6>.<1> HTTP load failed (error code: -1200 [3:-9860])
Task <02ADA890-35C5-4DE7-B0E5-6EC812CF79E6>.<1> finished with error - code: -1200
nw_protocol_boringssl_get_output_frames(1301) [C1.1:2][0x12fe15ea0] get output frames failed, state 8196
nw_protocol_boringssl_get_output_frames(1301) [C1.1:2][0x12fe15ea0] get output frames failed, state 8196
If the app sees this error when initializing, the app hangs at the splash screen. If it makes it past this issue then the app works just fine and I only see nw_protocol_get_output_frames messages every so often (don't know what those are about either).
Anyone have any ideas as to what is causing this, where to look or possibly what the fix is?
Cordova CLI: 9.0.0 (cordova-lib#9.0.1)
cordova-ios: v5.0.0
Gulp version: CLI version 3.9.1
Gulp local:
Ionic Framework Version: 1.3.4
Ionic CLI Version: 1.7.16
Ionic App Lib Version: 0.7.3
ios-deploy version: 1.9.4
ios-sim version: 8.0.1
OS: Mac OS X El Capitan
Node Version: v6.11.4
Xcode version: Xcode 10.1 Build version 10B61
I was stuck at this error and what I did was enable all kinds of logs on XCode and that revealed that the error with this BoringSSL was from a call to the API Crashlytics of google. What solved this matter to me was enter on firebase, enable crashlytics for my project, install the plugin (https://ionicframework.com/docs/native/firebase-crashlytics) and initialise it.
To find crashlytics on firebase you enter on the console and search on the left, under the menu quality, crashlytics. After that if you have already your GoogleService-Info.plist on your app, what remains is to install the plugin and initialise it according the docs.
[EDIT] Dont know if the above will contribute, because on another batch of tests I found that it didnt fix the issue. But when I add the next lines to config.plist it resolves:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>app-measurement.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>mtalk.google.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>play.googleapis.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>settings.crashlytics.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>googleapis.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
<key>localhost</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
<key>127.0.0.1</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
<key>NSAllowsArbitraryLoadsInWebContent</key>
<false/>
</dict>
https://forums.developer.apple.com/thread/42555
https://cocoacasts.com/app-transport-security-has-blocked-my-request
Related
I have an app and I am trying to download file which is on AWS S3 and 5mb. I am having no issue with cellular but with comparingly slow wifi (not so slow about 120 kb/s), the download stops about 10%. I was searching a lot and did some motification on info.plist but didn't help. Below you can see what I used in info.plist and logs during download.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>amazonaws.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>
log output:
2019-06-04 22:17:36.828347+0300 My App [12042:57908] [BoringSSL] nw_protocol_boringssl_get_output_frames(1301) [C3.1:2][0x7fdd3c72a8e0] get output frames failed, state 8196
This question already has answers here:
CFNetwork SSLHandshake failed iOS 9
(11 answers)
Closed 4 years ago.
Has anyone with the iOS 9 beta 1 had this issue?
I added the IOS sudo ionic cordova platform add ios The IOS Folder is added and the application.xcodeproj is added
My app was running successfully however, all AJAX failed.
Add this snippets to your .plist file.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow insecure HTTP requests-->
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
and
<key>NSAppTransportSecurity</key>
<dict>
<!--Connect to anything (this is probably BAD)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
I am working on a Mobile app built in cordova which uses REST API. The App works well in itself, but I have a Share Extension built with xcode for which I get this error for an API call.
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fe888624290 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://www.example.com/, NSErrorFailingURLStringKey=https://www.example.com/, _kCFStreamErrorDomainKey=3}
I have this in the Info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.example.com</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSRequiresCertificateTransparency</key>
<false/>
</dict>
</dict>
</dict>
Your server SSL is probably not secure or correctly installed.
You should check if it is correctly installed with some of the available webservices out there or something.
Example
or this one
It can also be that your SSL is self-signed and simply not trusted by iOS as trusted.
First, test your server with :
/usr/bin/nscurl --ats-diagnostics www.mydomain.com
You said your main app is well-working, so the issue may be in your extension plist.
Did you add the same ATS entry in your extension plist ?
I've been working on this project for a month and all internet requests were working fine until today, I am seeing this error whenever I execute a request :
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9814)
Although, in my info.plist, I added the APT configuration from the start:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Keep in mind, that everything was working fine, I didn't change anything.
I tried this, on iOS 9 and iOS 7, and I am getting the same error.
try this in info.plist,
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>YOURHOST.COM</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>1.0</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
and refer this link for more detail. hope this will help :)
Here is the log from NSCURL:
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
Result : PASS
---
And from IOS 9 simulator:
2015-11-02 20:52:29.928 energyvue[1137:17754] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
The url is on port 9445 though. Is there anyway to make this work without overriding ats transport security?
I had same problem, and communication works on Simulator iOS9.2 but not into device.
I fixed my problem checking CFNetwork log on device (http://jonathanblog2000.blogspot.com.br/2015/07/using-cfnetworkdiagnostics-for-network.html) and using a Cordova ATS Hybrid App Demo as sample (http://moduscreate.com/cordova-5-ios-9-security-policy-changes/).
My final ATS configuration:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>mydomain.com</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
My environment:
API using HTTPS TLSv1.2 with SNI (Amazon AWS Cloud front, S3 and Elasticbeanstalk)
iPhone 5S iOS 9.2 and Mac OS X El Capitan
Hibrid App with Ionic Framework and AngularJS