Network connections send and receive data using transport and security protocols.

Posts under Network tag

200 Posts
Post | Replies | Boosts | Views | Activity

Networking Resources
General:
- TN3151 Choosing the right networking API
- Networking Overview document — Despite the fact that this is in the archive, this is still really useful.
- TLS for App Developers DevForums post
- Choosing a Network Debugging Tool documentation
- WWDC 2019 Session 712 Advances in Networking, Part 1 — This explains the concept of constrained networking, which is Apple’s preferred solution to questions like How do I check whether I’m on Wi-Fi?
- TN3135 Low-level networking on watchOS
- Adapt to changing network conditions tech talk

Foundation networking:
- DevForums tags: Foundation, CFNetwork
- URL Loading System documentation — NSURLSession, or URLSession in Swift, is the recommended API for HTTP[S] on Apple platforms.

Network framework:
- DevForums tag: Network
- Network framework documentation — Network framework is the recommended API for TCP, UDP, and QUIC on Apple platforms.

Network Extension (including Wi-Fi on iOS):
- See Network Extension Resources
- Wi-Fi Fundamentals

Wi-Fi on macOS:
- DevForums tag: Core WLAN
- Core WLAN framework documentation
- Wi-Fi Fundamentals

Secure networking:
- DevForums tags: Security
- Apple Platform Security support document
- Preventing Insecure Network Connections documentation — This is all about App Transport Security (ATS).
- Available trusted root certificates for Apple operating systems support article
- Requirements for trusted certificates in iOS 13 and macOS 10.15 support article
- About upcoming limits on trusted certificates support article
- Apple’s Certificate Transparency policy support article
- Technote 2232 HTTPS Server Trust Evaluation
- Technote 2326 Creating Certificates for TLS Testing
- QA1948 HTTPS and Test Servers

Miscellaneous:
- More network-related DevForums tags: 5G, QUIC, Bonjour
- On FTP DevForums post
- Using the Multicast Networking Additional Capability DevForums post
- Investigating Network Latency Problems DevForums post
- Local Network Privacy FAQ DevForums post
- Extra-ordinary Networking DevForums post

Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Replies: 0 | Boosts: 0 | Views: 2.2k | Activity: Feb ’24
The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.domainname.co.nz” which could put your confidential information at risk.
Hello All,

We are facing a weird issue rarely, but it continues for a few hours or a day.

Observations:
- The issue gets resolved automatically when we change the iOS device's network.
- We are using a subdomain for all network requests in the iOS/Android app; only iOS devices log the issue mentioned below.
- Both domains have different certificates; we are using a wildcard certificate on the subdomain (*.domain.co.nz).
- The main domain doesn't have the subdomain name in its subject list (SAN or CN).
- We have verified that both certificates are valid and support TLSv1.3.
- Also, we have verified the instructions given by Apple, which also look good: https://support.apple.com/en-us/103769
- You may observe that *.wordpress.com is logged in the certificate chain validation, but we are not making any network requests to *.wordpress.com.
- Our backend server uses only Node.js and Express.js and, as mentioned by our backend team, we don't have any use of the main domain/server.

Here is the Xcode error log:

```
Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
    "<cert(0x11603ae00) s: *.wordpress.com i: Sectigo ECC Domain Validation Secure Server CA>",
    "<cert(0x11603b600) s: Sectigo ECC Domain Validation Secure Server CA i: USERTrust ECC Certification Authority>",
    "<cert(0x116043400) s: USERTrust ECC Certification Authority i: AAA Certificate Services>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://subdomain.maindomain.co.nz/vider/api/v1/users/login, NSErrorFailingURLStringKey=https://subdomain.maindomain.co.nz/vider/api/v1/users/login, NSUnderlyingError=0x301ec2cd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x3021b1360>, kCFNetworkCFStreamSSLErrorOriginalValue=-9843, kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9843, kCFStreamPropertySSLPeerCertificates=(
    "<cert(0x11603ae00) s: *.wordpress.com i: Sectigo ECC Domain Validation Secure Server CA>",
    "<cert(0x11603b600) s: Sectigo ECC Domain Validation Secure Server CA i: USERTrust ECC Certification Authority>",
    "<cert(0x116043400) s: USERTrust ECC Certification Authority i: AAA Certificate Services>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask .<1>"
), kCFStreamErrorCodeKey=-9843, NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask .<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x3021b1360>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk.}))
URLSessionTask failed with error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk.
"Show: Something went wrong!
please try again after sometime!"
"Networking error message: Optional("URLSessionTask failed with error: The certificate for this server is invalid. You might be connecting to a server that is pretending to be “subdomain.maindomain.co.nz” which could put your confidential information at risk.")
```

End of error log. Kindly help us. Thanks in advance.
Replies: 0 | Boosts: 0 | Views: 5 | Activity: 2m
sourceAppIdentifier is getting wrong with Sequoia Beta3
Hi, I have Mac Sequoia Beta3. I installed a Content Filter network extension, which is the same as https://developer.apple.com/documentation/networkextension/filtering_network_traffic on my machine. When I try to connect to a machine through "ssh", NEFilterFlow.description in handleNewFlow(_ flow: NEFilterFlow) shows "sourceAppIdentifier" (process name) as "Terminal" instead of "ssh". But on other macOS versions, it shows "ssh". Is there any issue with Sequoia Beta3, or is this expected? Thanks
Replies: 1 | Boosts: 0 | Views: 55 | Activity: 1d
WPA2-Enterprise Wi-Fi on Login Page
We need to do some operations in a login screen, but when the user uses a WPA2-Enterprise network, the authentication to this network is only possible after the login process has already been completed. Is there a way to change the network on the login screen, or a way to authenticate on the WPA2-Enterprise network before a completed login?

STEPS TO REPRODUCE
1 - Use a WPA2-Enterprise
2 - Set WPA2-Enterprise as Auto-Join/Principal
3 - Reboot the Machine
4 - On the logon screen it's impossible to authenticate on the enterprise network even when you type the username and password.
Replies: 0 | Boosts: 0 | Views: 110 | Activity: 1d
TCP Fast Open in URLSession
I'm very interested in whether it works and, if so, how the system decides whether or not to enable TFO when working with the network using URLSession. I didn't find any information in the documentation. For example, for NWConnection we need to manually add an additional option:

```swift
/* Allow fast open on the connection parameters */
parameters.allowFastOpen = true
let connection = NWConnection(to: endpoint, using: parameters)

/* Call send with idempotent initial data before starting the connection */
connection.send(content: initialData, completion: .idempotent)
connection.start(queue: myQueue)
```
Replies: 1 | Boosts: 0 | Views: 66 | Activity: 2d
Issue with HTTPS Proxy Configuration in WebKit WebView
Hello, I am trying to apply ProxyConfiguration on the WebKit webview. I referred to the following sources: https://forums.developer.apple.com/forums/thread/110312 and https://developer.apple.com/videos/play/wwdc2023/10002/

```swift
import Combine
import Network
import WebKit

class WebKitViewModel: ObservableObject {
    let webView: WKWebView
    @Published var urlString: String = "https://example.com"

    init() {
        webView = WKWebView(frame: .zero)
    }

    func loadUrl() {
        guard let url = URL(string: urlString) else {
            return
        }
        let request = URLRequest(url: url)

        // Route the web view's traffic through an HTTP CONNECT proxy on localhost.
        let endpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: 9077)
        let proxyConfig = ProxyConfiguration.init(httpCONNECTProxy: endpoint)

        let websiteDataStore = WKWebsiteDataStore.default()
        websiteDataStore.proxyConfigurations = [proxyConfig]
        webView.configuration.websiteDataStore = websiteDataStore
        webView.load(request)
    }
}
```

However, this configuration only works for HTTP proxies. When I try to use an HTTPS proxy, it does not work.

When I use NWConnection to connect to the proxy, it works successfully:

```swift
import Foundation
import Network

public class HTTPProxy {
    private let proxyHost: NWEndpoint.Host
    private let proxyPort: NWEndpoint.Port
    private var connection: NWConnection?

    public init(proxyHost: String, proxyPort: UInt16) {
        self.proxyHost = NWEndpoint.Host(proxyHost)
        self.proxyPort = NWEndpoint.Port(rawValue: proxyPort)!
    }

    public func sendHTTPRequest(completion: @escaping (Result<String, Error>) -> Void) {
        // TLS to the proxy itself (HTTPS proxy).
        let tlsOptions = NWProtocolTLS.Options()
        let parameters = NWParameters(tls: tlsOptions)
        connection = NWConnection(host: proxyHost, port: proxyPort, using: parameters)
        connection?.stateUpdateHandler = { [weak self] state in
            switch state {
            case .ready:
                self?.sendConnectRequest(completion: completion)
            case .failed(let error):
                completion(.failure(error))
            default:
                break
            }
        }
        connection?.start(queue: .global())
    }

    private func sendConnectRequest(completion: @escaping (Result<String, Error>) -> Void) {
        guard let connection = connection else {
            completion(.failure(NSError(domain: "Connection not available", code: -1, userInfo: nil)))
            return
        }
        let username = "xxxx"
        let password = "xxxx"
        let credentials = "\(username):\(password)"
        guard let credentialsData = credentials.data(using: .utf8) else {
            print("Error encoding credentials")
            fatalError()
        }
        let base64Credentials = credentialsData.base64EncodedString()
        let proxyAuthorization = "Basic \(base64Credentials)"
        let connectString = "CONNECT api.ipify.org:80 HTTP/1.1\r\n" +
            "Host: api.ipify.org:80\r\n" +
            "Proxy-Authorization: \(proxyAuthorization)\r\n" +
            "Connection: keep-alive\r\n" +
            "\r\n"
        if let connectData = connectString.data(using: .utf8) {
            connection.send(content: connectData, completion: .contentProcessed { error in
                if let error = error {
                    completion(.failure(error))
                } else {
                    self.receiveConnectResponse(completion: completion)
                }
            })
        }
    }

    private func receiveConnectResponse(completion: @escaping (Result<String, Error>) -> Void) {
        connection?.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, context, isComplete, error in
            if let data = data, let responseString = String(data: data, encoding: .utf8) {
                if responseString.contains("200 OK") {
                    self.sendRequest(completion: completion)
                } else {
                    completion(.failure(NSError(domain: "Failed to establish connection", code: -1, userInfo: nil)))
                }
            } else if let error = error {
                completion(.failure(error))
            }
        }
    }

    private func sendRequest(completion: @escaping (Result<String, Error>) -> Void) {
        guard let connection = connection else {
            completion(.failure(NSError(domain: "Connection not available", code: -1, userInfo: nil)))
            return
        }
        let requestString = "GET /?format=json HTTP/1.1\r\n" +
            "Host: api.ipify.org\r\n" +
            // "Proxy-Authorization: Basic xxxxxxxx\r\n" +
            "Connection: keep-alive\r\n" +
            "\r\n"
        print("Sending HTTP request:\n\(requestString)")
        if let requestData = requestString.data(using: .utf8) {
            connection.send(content: requestData, completion: .contentProcessed { error in
                if let error = error {
                    completion(.failure(error))
                } else {
                    self.receiveResponse(completion: completion)
                }
            })
        }
    }

    private func receiveResponse(completion: @escaping (Result<String, Error>) -> Void) {
        connection?.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, context, isComplete, error in
            if let data = data, !data.isEmpty {
                print ("Data: \(data)")
                if let responseString = String(data: data, encoding: .utf8) {
                    print("Received response:\n\(responseString)")
                    completion(.success(responseString))
                } else {
                    completion(.failure(NSError(domain: "Invalid response data", code: -1, userInfo: nil)))
                }
            } else if let error = error {
                completion(.failure(error))
            }
            if isComplete {
                self.connection?.cancel()
                self.connection = nil
            } else {
                self.receiveResponse(completion: completion)
            }
        }
    }
}
```

This approach works for connecting to the proxy, but it does not help with configuring the proxy for WebKit. Could someone please assist me in configuring a proxy for WebKit WebView to work with HTTPS proxies? Thank you!
Replies: 6 | Boosts: 0 | Views: 133 | Activity: 4h
Network Connection on watchOS App
I am developing a watchOS-only app, and whenever I attempt to make a network request, it always fails and throws the following error: Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." I noticed that when I turn off Wi-Fi and Bluetooth in the settings of the iPhone paired with the Apple Watch (thus disconnecting the Apple Watch from the iPhone), my app can successfully connect to the network. Additionally, when the app contains both an iOS app and a watchOS app, after granting network permissions on the iOS app, the watchOS app can access the network normally when connected to the iPhone. When opening some system apps on the Apple Watch (such as the "Workout" app), the app will display a network permission request similar to that on iOS, but this request does not automatically pop up when my watchOS app attempts to access the network. Is there a way to request network permissions in a watchOS-only app so that it can access the network while connected to the iPhone?
Replies: 1 | Boosts: 0 | Views: 107 | Activity: 5d
Bonjour permissions in Xcode 15.4
Hi, I'm using Multipeer Connectivity in my application and when I run it on my physical device, I receive the following warning:

NSNetServiceBrowser did not search with error dict [{ NSNetServicesErrorCode = "-72008"; NSNetServicesErrorDomain = 10; }].

I've found out that this is associated with not having the proper permissions in Info.plist, according to https://developer.apple.com/forums/thread/653316

I've set a description for Privacy - Local Network Usage Description; however, I'm not able to find any key for setting my Bonjour Services. Also, I do not see any popup on my device displaying a request to approve local network usage. Could you please provide me with information on how I can register my privileges properly?
Replies: 1 | Boosts: 0 | Views: 141 | Activity: 1w
Content Filter network extension is not working with Sequoia Intel macOS
Hi, I had a Content Filter network extension. It works successfully up to Sonoma. I tried to install and activate the same network extension on a Sequoia beta Intel Mac, but I haven't even got any user consent to activate and allow it. I haven't found any entry in Network settings. Do we need to make any changes in Sequoia macOS to make it work? Thank you.
Replies: 3 | Boosts: 0 | Views: 137 | Activity: 1w
Background URL Sessions upload slowly even in foreground
I am working on an app which is capturing photos and uploading them to a server. I have followed the URLSession configuration to properly support background transfers. However, I am now noticing that my photos are uploading way slower, even when the user has the app open and is interacting with the app. This is undesirable because the changes need to be reflected in real time to the server when the user is active in the app.

Previously, when I was just using URLSession.shared.uploadTask with a completion handler, the photos uploaded right away in a matter of 1-2 seconds. Now it is taking 3-4 minutes per photo to upload. The photos are roughly 3mb in size each. I have tried setting the isDiscretionary property explicitly to false, to no avail.

Sometimes the users are without an internet connection, which is why I wanted to use the background session (so that the uploads can be automatically retried by the system when the user connects back to the internet).

So, in summary, I want the functionality of the background uploading (and to let the system retry when the user transitions from offline to online); however, I also need realtime uploading when the user is interacting with the app. What is the preferred way to solve this problem?
Replies: 1 | Boosts: 0 | Views: 103 | Activity: 1w
"nw_socket_internal_error" crash occurs in iOS 17.4.1 and 17.5.1
A new crash occurs in iOS 17.4.1 and 17.5.1. Is there a resolution for this crash?

```
Thread 77 name:
Thread 77 Crashed:
0   Network                 0x000000018f2218a8 nw_socket_internal_error(nw_socket*, int) + 72 (protocol_socket.cpp:373)
1   Network                 0x000000018ec1570c invocation function for block in nw_socket_init_socket_event_source(nw_socket*, unsigned int) + 4000 (protocol_socket.cpp:4351)
2   libdispatch.dylib       0x0000000196405dd4 _dispatch_client_callout + 20 (object.m:576)
3   libdispatch.dylib       0x00000001964092d8 _dispatch_continuation_pop + 600 (queue.c:321)
4   libdispatch.dylib       0x000000019641d1c8 _dispatch_source_latch_and_call + 420 (source.c:596)
5   libdispatch.dylib       0x000000019641bd8c _dispatch_source_invoke + 832 (source.c:961)
6   libdispatch.dylib       0x000000019640f284 _dispatch_workloop_invoke + 1756 (queue.c:4570)
7   libdispatch.dylib       0x0000000196418cb4 _dispatch_root_queue_drain_deferred_wlh + 288 (queue.c:6998)
8   libdispatch.dylib       0x0000000196418528 _dispatch_workloop_worker_thread + 404 (queue.c:6592)
9   libsystem_pthread.dylib 0x00000001eb3b7934 _pthread_wqthread + 288 (pthread.c:2696)
10  libsystem_pthread.dylib 0x00000001eb3b40cc start_wqthread + 8 (:-1)
```
Replies: 1 | Boosts: 0 | Views: 105 | Activity: 1w
VoIP push notifications may not be received
Users of my app have reported that they are sometimes unable to receive Voice-over-IP (VoIP) push notifications when using a SIM. (There is no problem when using WiFi.) VoIP push notifications were not received during the following periods. Could you confirm the diagnostic logs, and could you please tell me why my app can't receive VoIP pushes?

[diagnostic logs]
https://drive.google.com/drive/folders/1gSAbr1Fy1SrjlmRXuAzoXqiaxnNbFhj8?usp=sharing

[Problem period]
2024/06/17 05:34:59 - 2024/06/17 09:04:42
- Number of times that the push server pushed and it received a normal APNs response: 31
- Number of times that iPhone received pushes: 0

2024/06/17 23:05:03 - 2024/06/18 09:02:16
- Number of times that the push server pushed and it received a normal APNs response: 192
- Number of times that iPhone received pushes: 0

2024/06/15 00:35:56 - 2024/06/15 09:55:57
- Number of times that the push server pushed and it received a normal APNs response: 138
- Number of times that iPhone received pushes: 0
Replies: 3 | Boosts: 0 | Views: 115 | Activity: 1d
Sending Data via Bonjour and NWConnection
Using NWBrowser and NWListener I'm trying to send a small package of data from the listener/server to the device. However, the device never receives the actual bytes. It either:
- gets stuck in the preparing state
- the connection gets reset
- the data is null and is marked as isComplete = true

The only way I can get the device to receive the data is by calling cancel on the NWConnection on the server/NWListener end.

Here is some sample code I am working with: https://github.com/leogdion/JustBonjour/tree/nwlistener

Is this expected behavior that cancel is required?
Replies: 2 | Boosts: 0 | Views: 282 | Activity: 1d
How to set NWProtocolTLS handshake as server or client manually
When using Network framework, is it possible to set NWProtocolTLS to behave like a TLS server or client? In CFNetwork there is a kCFStreamSSLIsServer key, but I could not find the same thing in Network.

I am currently trying to implement something like STARTTLS, on both the client and server side: after the connection and some messages, the client will behave like a TLS SERVER, and the connection in the server (NWListener) will behave like a TLS CLIENT. That's why I need to set something like kCFStreamSSLIsServer.

In Swift-NIO, this can be easily implemented by adding a NIOSSLClientHandler or NIOSSLServerHandler.

Below is what I have currently, based on another post in the community:

```swift
// main.swift
import Foundation
import Network

let params = NWParameters.tcp
let framer = STARTTLSFramer.options()
params.defaultProtocolStack.applicationProtocols = [framer]

let connection = NWConnection(
    host: .ipv4(IPv4Address("127.0.0.1")!),
    port: .init(integerLiteral: 8089),
    using: params)
connection.stateUpdateHandler = { newState in
    print("connection newState \(newState)")
}
connection.start(queue: .main)
RunLoop.main.run()
```

```swift
// STARTTLSFramer.swift
import Foundation
import Network

final class STARTTLSFramer: NWProtocolFramerImplementation {
    static let label: String = "STARTTLSFramer"

    init(framer: NWProtocolFramer.Instance) {}

    func handleOutput(
        framer instance: NWProtocolFramer.Instance,
        message: NWProtocolFramer.Message,
        messageLength: Int,
        isComplete: Bool
    ) {
        fatalError()
    }

    func wakeup(framer instance: NWProtocolFramer.Instance) {
        fatalError()
    }

    func stop(framer instance: NWProtocolFramer.Instance) -> Bool {
        true
    }

    func cleanup(framer instance: NWProtocolFramer.Instance) {}

    func start(framer instance: NWProtocolFramer.Instance) -> NWProtocolFramer.StartResult {
        instance.writeOutput(data: Data("hello\n".utf8))
        return .willMarkReady
    }

    private var accumulated = Data()

    func doUpgrade(instance: NWProtocolFramer.Instance) {
        let tlsOptions = NWProtocolTLS.Options()
        sec_protocol_options_set_min_tls_protocol_version(tlsOptions.securityProtocolOptions, .TLSv12)
        // load identity
        let secIdentity = createSecIdentity()!
        let identity = sec_identity_create(secIdentity)
        sec_protocol_options_set_local_identity(tlsOptions.securityProtocolOptions, identity!)
        try! instance.prependApplicationProtocol(options: tlsOptions)
        instance.passThroughOutput()
        instance.passThroughInput()
        instance.markReady()
    }

    func handleInput(framer instance: NWProtocolFramer.Instance) -> Int {
        repeat {
            let success = instance.parseInput(minimumIncompleteLength: 1, maximumLength: 2048) { buffer, _ in
                let count = buffer?.count ?? 0
                if let buffer {
                    accumulated.append(contentsOf: buffer)
                }
                return count
            }
            if !success {
                break
            }
        } while true
        // some validation
        self.accumulated.removeAll()
        self.doUpgrade(instance: instance)
        return 0
    }

    static func options() -> NWProtocolFramer.Options {
        let startTLSDef = NWProtocolFramer.Definition(implementation: STARTTLSFramer.self)
        let result = NWProtocolFramer.Options(definition: startTLSDef)
        return result
    }
}
```
Replies: 5 | Boosts: 0 | Views: 234 | Activity: 1w
SSL Error -1200 on Low Network Signal with Airtel
Description: I'm encountering an SSL error (error code: -1200) when trying to establish a secure connection in my app. This issue only occurs when the network signal is low on Airtel. The connection works fine on a normal network signal.

Here are the details:
- Device: iPhone 11
- iOS Version: 17.2.1
- Network Provider: Airtel
- Error Message: An SSL error has occurred and a secure connection to the server cannot be made.
- Error code: -1200

Tried different network settings and observed the issue only on low network signal. Any insights or suggestions to resolve this issue would be greatly appreciated. Thank you!
Replies: 1 | Boosts: 0 | Views: 228 | Activity: 1w
Getting the Wi-Fi's SSID on macOS
I want to extend an existing macOS app distributed through the Mac App Store with the capability to track the Wi-Fi's noise and signal strength along with the SSID it is connected to over time. Using CWWiFiClient.shared().interface(), I can get noiseMeasurement() and rssiValue() fine, but ssid() always returns nil. I am assuming this is a privacy issue (?). Are there specific entitlements I can request or ways to prompt the user to grant the app privilege to access the SSID values?
Replies: 1 | Boosts: 0 | Views: 183 | Activity: 1w
isComplete in NWConnection.receive never becomes true
I am using NWConnection to force some requests to go through cellular data. Everything works fine, except I keep calling connection.receive and don't know when the transfer is complete.

```swift
// Setting up the connection:
let tcpOptions = NWProtocolTCP.Options()
let parameters = NWParameters(tls: .init(), tcp: tcpOptions)
parameters.requiredInterfaceType = .cellular
port = port ?? NWEndpoint.Port(443)
// ...
NWConnection(to: .hostPort(host: NWEndpoint.Host(host),port: port), using: parameters)

// Receiving data once the connection is ready
func receive(withConnection connection: NWConnection, completion: @escaping dataCompletion) {
    connection.receive(minimumIncompleteLength: 1, maximumLength: Int.max) { [self] data, contentContext, isComplete, error in
        if let data = data {
            receivedData.append(data)
            print(contentContext)
            if isComplete || error != nil || connection.state != .ready {
                cancelConnection(connection)
            } else {
                processor?.receive(withConnection: connection, completion: completion)
            }
        } else {
            cancelConnection(connection)
        }
    }
}
```

I am consuming regular HTTP endpoints. The data in receive comes in chunks but the isComplete parameter never becomes true, so I don't know when to stop and send the complete receivedData back. I've thought of adding a timeout, but it seems kind of hacky. Is there a better solution?
Replies: 3 | Boosts: 0 | Views: 139 | Activity: 1w