iOS9 Beta1 | CFNetwork SSLHandshake failed (-9824)

Recompiled my App with Xcode 7 Beta1:


I am using AFNetworking and every connection seems to fail (device and simulator):


CFNetwork SSLHandshake failed (-9824)

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)


… any suggestions?


Steven

Answered by stevenp in 6102022

The workaround for now is to add this to your Info.plist:


<key>NSAppTransportSecurity</key>

<dict>

   <key>NSAllowsArbitraryLoads</key>

   <true/>

</dict>

we are expierencing the same issue with standard NSURLConnection too.

Ok they just have changed something... keep me posted if you find any documentation on it. I'm going to try connection over http just for the fun of it and see if it works..

HTTP connection now says you must enter and exception for using http and not https in the info.plist, not sure what the key is even for that...

Where do you see this? Is this in the documentation somewhere?

Accepted Answer

The workaround for now is to add this to your Info.plist:


<key>NSAppTransportSecurity</key>

<dict>

   <key>NSAllowsArbitraryLoads</key>

   <true/>

</dict>

works fine for me - a ducumentation link would be nice

You must be new here 🙂

Documentation would be nice, wouldn't it? Sadly, it's currently undocumented. I found these keys by searching through the bundles included in the Xcode 7 beta package. There are other keys as well that I'm sure are used for specifying domains as Apple intends, but it's not clear how to format the ATS dictionaries in the Info.plist, so for now this is a workaround. I'm sure we'll know more by the end of the week.

This fix only works for me with GET requests. POST API calls are successful but they are not returning data. Is anyone else experiencing this?

I was impacted by this in my Mac App. This info.plist key resolved the issue.


- David

The info you are looking for:


NSAppTransportSecurity

NSExceptionDomains
"example.com"
NSIncludesSubdomains = YES
NSExceptionRequiresForwardSecrecy = NO
NSExceptionMinimumTLSVersion = "TLSv1.1"

Check it out in WWDC session 711

https://developer.apple.com/videos/wwdc/2015/?id=711 @ 5:55


🙂

Reporting a bug will help to get the documentation fixed. That is what beta testing is about.

Using NSAllowsArbitraryLoads appears to be a temporary workaround. But it probably won't be available at some point.



However, I was able to get things working with a TLS 1.0 server (YOUR_HOST.COM) by doing the following:



Take special note of the "NSTemporaryExceptionRequiresForwardSecrecy" flag. It needs to be turned OFF.





<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
  <key>YOUR_HOST.COM</key>
  <dict>
  <key>NSIncludesSubdomains</key>
  <true/>
  <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
  <true/>
  <key>NSTemporaryExceptionMinimumTLSVersion</key>
  <string>1.0</string>
  <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
  <false/>
  </dict>
  </dict>
</dict>
iOS9 Beta1 | CFNetwork SSLHandshake failed (-9824)
 
 
Q