How to handle "CFNetwork SSLHandshake failed" in iOS - ios

Sometimes I'm getting CFNetwork SSLHandshake failed -(9806) in my code, but I'm not sure why this is happening as my code runs smoothly, except when I run it in iOS 6 and then on iOS 7 64-bit I get this warning.
Can anybody suggest how to handle this issue?

Normally when I get CFNetwork SSLHandshake failed -(*) it's because of my local Wi-Fi network (device is connected to the network but not the internet).
Try it again on another network (3G is the quickest solution for me).

This could also happen because of iOS 9. iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app's Info.plist file.
You can find more info here:
https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/
Or Steven Peterson's answer here, which is quite clear:
https://stackoverflow.com/a/30720929/1485701

Had the same issue and after I have confirmed that the server is getting the POST the solution was this:
Clean the project: Product -> Clean
Delete your app from the iOS device/iOS Simulator and quit the Simulator
Compile your app and run it
In my case, simple as that.

I had the same problem, and in my case the solution was that in my code I wrote
initWithScheme:@"https"
instead of
initWithScheme:@"http"
So make sure you use the correct protocol

Another solution: check if date/time is set correctly on your phone. SSL certificates are valid UNTIL a certain date.
https://superuser.com/a/760211

Related

Error with Universal Links on phone w/ iOS 13

I am seeing the below error in iOS 13 when trying to setup an app with universal links. Has anyone seen this or know what it means?
I am seeing this error in the device console for the swcd process.
Error getting enterprise-managed associated domains data. If this device is not enterprise-managed, this is normal:
Error Domain=SWCErrorDomain Code=1701 "Failed to get associated domain data from ManagedConfiguration framework." UserInfo={NSDebugDescription=Failed to get associated domain data from ManagedConfiguration framework., Line=250, Function=<private>}
When I install the same app on an iOS 12 device it works perfectly fine. Any thoughts would be appreciated
It seems that upgrading to iOS 13.2.2 solves the issue.
There is no official confirmation about this, but it seems resolved on iOS 13.2.2.
There may be some different places that cause this problem. Note that the format of AASA file seems to be changed recently. Please refer to this.
If the delegate isn't called, and there are some Google Analysis or Firebase features in the app, then it may be caused by method swizzling. If that's the case, please refer to my answer here.

iOS 11 Beta - NSURLErrorDomain - code: 18446744073709550617

When running my app on iOS 11 beta 5 built with Xcode 9 I see this error from several of our network calls.
"NSURLError * domain: @"NSURLErrorDomain" - code: 18446744073709550617"
I've never come across this error before and we haven't made any change to the app currently. For networking, we are using AFNetworking v2.5
So it turns out it was ssl related. Eventually what I did was add an exception for the domain in info.plist and was able to get a reasonable error that said there was an ssl issue. Investigating that showed our cert was weakly signed. We replaced it which resolved the issue.

SSL handshake fail on IOS only

I'm developing an app using cordova (5.2.0).
On mac I'm using Xcode 6.4 to generate the .ipa
At some point I initialize a secure websocket connection (certificates are not self signed, length is 2048) like this in js:
socket_ip = new WebSocket("wss://perform.domain.com:8080", "image-processing-protocol");
The connection is working on Android and also from desktop browser (safari too).
However, from my iPhone (8.4) I got:
CFNetwork SSLHandshake failed (-9807) which means "Invalid certificate chain"
On server side the message I got is:
error:00000005:lib(0):func(0):DH
My server configuration is:
info.ssl_cert_filepath = "sslCertificates/myCert.cer";
info.ssl_private_key_filepath = "sslCertificates/myCert";
info.ssl_ca_filepath = "sslCertificates/GlobalSignRootCA.cer";
info.ssl_cipher_list = "RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5";
Looks like my issue is similar to openssl-ssl-accept-error-5. I then tried to set up a cipher list without DH but I still got the error.
I am probably missing something to configure on my libsocket server.
As long as I'm using a commercial certificate and it's working with other devices I don't understand why the connection with iOS failed.
Any help would be much appreciated, thanks!
Is there an intermediate certificate from GlobalSignRootCA that you also have to add?
I did the checks as Steffen suggested.
Solution was to set elliptic curve Diffie Hellman protocol up within libwebsocket.
Thanks for your help.

NSURLSession/NSURLConnection HTTP load failed and other AdMob warnings for iOS 9

I have an existing app in the App Store that supports both iOS 7 and 8 (though I'll be dropping iOS 7 support shortly).
My latest version of the app has brought both IADs and AdMobs (where AdMobs act as a failover from IADS). With the upcoming launch of iOS 9, and the recent craze of Google requiring the removal of SSL (http://googleadsdeveloper.blogspot.ch/2015/08/handling-app-transport-security-in-ios-9.html
HTTPS request in iOS 9 : NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)), from a beginner's point of view, I'd like to ask about some warnings I'm getting with my app running in Xcode 7 beta 5.
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
There's this link that I came across as well http://timekl.com/blog/2015/08/21/shipping-an-app-with-app-transport-security/?utm_campaign=iOS%2BDev%2BWeekly&utm_medium=email&utm_source=iOS_Dev_Weekly_Issue_213
So, what exactly do I need to do to remove this warning from the console when running my app on iOS 9?
I've come across one list that talks about disabling bitcode in Xcode, but firstly I don't understand what disabling that does, but also, is that required for this? What does ENABLE_BITCODE do in Xcode 7?
Any thoughts on this would be really appreciated.
Read this App Transport Security Technote
Chances are, you'll have to set the NSAllowsArbitraryLoads to YES globally for now, because you aren't in control over what servers your ads come from.
Add the below syntax to your app's Info.plist. It works for me.
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
Because you are calling a server which has a self-signed certificate, you have to bypass it.

iOS 8.4 CFNetwork SSLHandshake failed (-9850)

My code for SSL handshake fails since I updated Xcode to 6.4 (and simulator to iOS 8.4). The error is: CFNetwork SSLHandshake failed (-9850)
The same code is performing SSL handshake successfully on iOS 8.3 simulator (I've also tried iOS 8.3 simulator from Xcode 6.4 and it handshakes well).
Here's the piece of code that configures and starts handshake. I'm using Swift.
self.socket.startTLS([kCFStreamSSLLevel:kCFStreamSocketSecurityLevelTLSv1,
kCFStreamSSLValidatesCertificateChain:kCFBooleanFalse])
I was trying to figure this out whole day and I couldn't even find out what the error code -9850 means. It isn't listed with all the other codes in SecureTransport.h file.
Update1:
I found out that Apple introduced app transport security which means that you can declare domains you want to establish secure connection to. Anyway I tried with ATS but without any success. -9850 error is still making problems.
Update 2 - Solution
As Michal and Steven suggested in their answers I started to suspect that the main issue is on the server side which ended up to be true.
I talked with the guy who implemented the server and all problems were gone after he generated new SSL certificates of length 2048. Before that they were 512. With new certificates, code on my side works perfectly fine.
-9850 appears in the SecureTransport.h header buried inside the iOS 9 SDK:
errSSLWeakPeerEphemeralDHKey = -9850, /* weak ephemeral dh key */
It sounds like Michal is on the right track. A more general search for this problem led me to http://www.chromium.org/administrators/err_ssl_weak_server_ephemeral_dh_key:
As of Chrome 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key, smaller than 1024 bits, for ephemeral Diffie-Hellman key agreement.
I'm not saying that iOS 9 imposes exactly the same requirements as Chrome, but I'd start looking at the server configuration and if you can increase the key size it uses for the SSL handshake.
I believe it has something to do with coreTLS:
Description: coreTLS accepted short ephemeral Diffie-Hellman (DH) keys, as used in export-strength ephemeral DH cipher suites. This issue, also known as Logjam, allowed an attacker with a privileged network position to downgrade security to 512-bit DH if the server supported an export-strength ephemeral DH cipher suite. The issue was addressed by increasing the default minimum size allowed for DH ephemeral keys to 768 bits.
From what I can tell from your code, I guess you're using GCDAsyncSocket. It has been updated 10 months ago, so it definitely does not reflect this issue.
When I get CFNetwork SSLHandshake failed -(*) it's because my device is connected to the network but not the internet.
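A server-side check for the weak ephemeral DH condition behind -9850, as an added example that is not from the original thread: it reads the prime size out of a PKCS#3 DH PARAMETERS PEM and compares it with the 768-bit and 1024-bit minimums quoted above. It assumes the server loads its DH group from such a file; make_dh_pem, dh_prime_bits and dh_verdict are illustrative names, and the sample primes are constructed test values (Mersenne primes), not usable DH groups.

```python
import base64

def _der_len(n):
    if n < 0x80:                          # short form: one length byte
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _der_int(value):
    """DER INTEGER for a positive value; the extra bit keeps the sign positive."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return b"\x02" + _der_len(len(raw)) + raw

def make_dh_pem(prime, generator=2):
    """Build a DH PARAMETERS PEM: SEQUENCE { prime INTEGER, base INTEGER }."""
    body = _der_int(prime) + _der_int(generator)
    der = b"\x30" + _der_len(len(body)) + body
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN DH PARAMETERS-----\n{b64}-----END DH PARAMETERS-----\n"

def _read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = size of length
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return tag, buf[pos:pos + length], pos + length

def dh_prime_bits(pem):
    """Bit length of the prime in a DH PARAMETERS PEM."""
    lines = [l for l in pem.splitlines() if l and not l.startswith("-----")]
    tag, seq, _ = _read_tlv(base64.b64decode("".join(lines)), 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    tag, prime, _ = _read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected the prime as a DER INTEGER")
    return int.from_bytes(prime, "big").bit_length()

def dh_verdict(bits):
    if bits < 768:
        return "below the 768-bit coreTLS minimum"
    if bits < 1024:
        return "below the 1024-bit Chrome 45 minimum"
    return "meets both quoted minimums"

# Constructed test inputs: Mersenne primes, for size checks only.
WEAK_PEM = make_dh_pem(2**521 - 1)
STRONG_PEM = make_dh_pem(2**2203 - 1)
```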
