What is NSURLErrorSecureConnectionFailed?

My app has been reporting error code -1200, "NSURLErrorSecureConnectionFailed", on a very small number of end user devices. I cannot reproduce the error. The devices that report this error have ranged from very old iOS 9 devices to modern iOS 14 devices.

The documentation says, "An attempt to establish a secure connection failed for reasons that can’t be expressed more specifically."

Can anyone elaborate on what kinds of reasons might cause this error? I'm otherwise stuck, with no way to explain this to my customers and no advice for how they might fix it.

Thanks,
Frank
Up vote post of flarosa Down vote post of flarosa
2.6k views
Posted by
flarosa
Reply
Add a Comment

Replies

I can add that the app connects with a server that we run, which has a valid SSL certificate.

One user who had this problem said "The iPads have the latest software updates installed (14.5.1) as well as the organisations SSL certificate as the error message indicates". I don't know what "organizations SSL certificate" he is referring to; it is not the SSL certificate on my server. Could some custom certificate he has on his device be interfering with its ability to use my server?
Posted by
flarosa
Up vote reply of flarosa Down vote reply of flarosa
Add a Comment

Could some custom certificate he has on his device be interfering with
its ability to use my server?

Absolutely. Some managed site use an HTTPS proxy to implement TLS Inspection; to learn more about this, search the ’net for that term (and related terms, like SSL Inspection and TLS Interception). It’s hard to distinguish such a setup from an attack and modern versions of iOS try to defend against it.

However, there’s no guarantee that this is the cause of the errors you’re seeing. If you’re helping a user with this problem:

  • Modify your code so that it reports the full error. The NSURLErrorSecureConnectionFailed should have an underlying error (NSUnderlyingErrorKey) with more details. And, indeed, that error may have its own underlying error, and so on.

  • Ask them to retry on a different network (if they’re at work, have them try at home; or vice versa; or stop by a café; or whatever). That’ll tell you whether the problem is tied to their device or their network.

  • Ask them for sysdiagnose log, taken shortly after seeing the problem. The should offer clues as to what went wrong.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment