mTLS failed network is intercept by appTransportSecurity layer when backend return 4XX

recently my app published on app store facing some issue after i have implemented cloudflare and mtls to enhance security feature. Before that, when the API failed, i can receive http error code such as 403, 401 and etc. but after mtls is activated, all those failed http call is block by AppTransportSecurity layer and i can only receive 999 and error message as "URLSessionTask failed with error: The erver "***.***.com" requires a client certificate." i have read through Apple document, it says Apple introduce this security layer by default to ensure network security without known weakness https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35 does anyone have come across similar issue like this before?

Up vote post of JosCc Down vote post of JosCc
152 views
Posted by
JosCc
Reply
Add a Comment

Replies

It’s very unlikely that App Transport Security (ATS) is involved here. ATS is primarily concerned with the nature of the TLS connection supported by the server — the TLS version, the server’s certificate, and so on — and that doesn’t change if you switch to mTLS authentication.

i can only receive 999

Is that actually 999? Or -999? The latter is NSURLErrorCancelled, which means that someone has cancelled the task on the client side. Given that you just enabled mTLS, that’s most likely because of a problem with your authentication challenge handling. What does that look like?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Post not yet marked as solved Up vote reply of eskimo Down vote reply of eskimo
Add a Comment