iOS App Fails to Establish Secure Connection (NSURLErrorDomain Code=-1200 SSL Error)

App & System Services Networking
ponkumaragurudasan OP
Created 1d
Replies 2
Boosts 0
Views 104
Participants 3

Hi everyone 👋

I’m running into a persistent SSL issue on iOS where the app fails to establish a secure HTTPS connection to our backend APIs. The same endpoints work fine on Android and web, but on iOS the requests fail with:

Error Domain=NSURLErrorDomain Code=-1200
"An SSL error has occurred and a secure connection to the server cannot be made."
UserInfo={
    NSLocalizedDescription = "An SSL error has occurred and a secure connection to the server cannot be made.";
    _kCFStreamErrorDomainKey = 3;
    _kCFStreamErrorCodeKey = -9802;
}

🔍 What I’ve Checked:

  • The servers use valid, trusted SSL certificates from a public CA
  • TLS 1.2 and 1.3 are enabled
  • The intermediate certificates appear correctly configured (verified using SSL Labs)
  • The issue happens on our customer's end. (Got it via Sentry)

Note: We recently removed NSAppTransportSecurity(NSAllowsArbitraryLoads) on our app, since all the endpoints use valid HTTPS certificates and standard configurations.

❓ Questions:

  • Are there additional SSL validation checks performed by iOS when ATS is enabled?
  • Has anyone seen similar behaviour, where valid certificate chains still trigger SSL errors?

Any insights or debugging suggestions would be greatly appreciated 🙏

Answered by DTS Engineer in 864066022

As Albert suggested, I recommend that you isolate this in a small test project. You can then experiment with adding and removing NSAllowsArbitraryLoads. That’ll tell you whether ATS is a factor or not, and that’s always a good first step in situations like this.

That -9802 error is errSSLFatalAlert. This is a common symptom of ATS problems because ATS simulates the TLS fatal alert on its failure path. However, it’s not a definitive, because TLS fatal alerts can have other origins.

Finally, is your server available on the public Internet. If so, and you post the URL, I’d be happy to take a look.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Replies  2
Boosts  0
Views  104
Participants  3
DTS Engineer OP
Apple
1d

Thank you for sharing the post. The error appears to be related to the domain in my opinion. Have you created a simple application to test different HTTPS domains using your code to determine if you obtain the same results?

If you encounter the same error with different domains, I suggest posting your sample code here to identify the source of the request. If the code functions correctly with other domains, I recommend investigating potential issues with your domain or certificate. A focused sample application targeting your domain may provide insights into the request’s problem and offer guidance on resolving it.

Hope this simple troubleshooting helps narrow it down.

Albert Pascual
  Worldwide Developer Relations.

0
DTS Engineer OP
Apple
1d
Recommended

As Albert suggested, I recommend that you isolate this in a small test project. You can then experiment with adding and removing NSAllowsArbitraryLoads. That’ll tell you whether ATS is a factor or not, and that’s always a good first step in situations like this.

That -9802 error is errSSLFatalAlert. This is a common symptom of ATS problems because ATS simulates the TLS fatal alert on its failure path. However, it’s not a definitive, because TLS fatal alerts can have other origins.

Finally, is your server available on the public Internet. If so, and you post the URL, I’d be happy to take a look.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
iOS App Fails to Establish Secure Connection (NSURLErrorDomain Code=-1200 SSL Error)
First post date Last post date
 
 
Q