CFNetwork IOS9 SSLHandshake -9847

App & System Services Core OS
jeeinc OP
Created Jun ’15
Replies 4
Boosts 0
Views 18k
Participants 4

every connection seems to fail (AFNetworking):


CFNetwork SSLHandshake failed (-9847)

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9847)


and the http://.... has been replaced with https://....


Jeeinc

Replies  4
Boosts  0
Views  18k
Participants  4
Poets OP
Jun ’15

Hi jeeinc,


today I read that iOS 9 is forcing connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. So you have to ensure that your web server supports this version of the protocol. Otherwise you have to disable the App Transport Security in your app by adding this code snippet to your Info.plist:

<key>NSAppTransportSecurity</key>
  <dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
  </dict>


All the best,


Alex

0
Universalis OP
Jun ’15

It is worth adding that a similar problem (but with the code 9802) occurs when connecting to Amazon's AWS servers.


Amazon claim to support TLS 1.2, but I seem to remember from one of the WWDC talks that Apple want apps to connect to sites that support TLS 1.2 only, and not to sites that support both TLS 1.2 and earlier versions.


If this is true, it is a misguided policy by Apple and I have reported it as bug #21380214. Yes, connecting to TLS 1.2-only sites protects against man-in-the-middle downgrade attacks; but no site in the real world is likely to go TLS 1.2-only. The net result is that we, as developers, find ourselves using Alex's workround everywhere, disabling the protection that Apple were trying to give us.


I suggest careful monitoring of the situation and the issuing of bug reports as appropriate.

0
smizoguchi OP
Aug ’15

I've also run into this issue with AWS servers. Any updates? I'd hate to diable ATS.

0
pavelsukalin OP
Sep ’15

It does not work for me...

0
CFNetwork IOS9 SSLHandshake -9847
First post date Last post date
 
 
Q