iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Question

Since I upgraded my existing project with iOS 9, I keep getting the error :

An SSL error has occurred and a secure connection to the server cannot be made.

It was Proxy error in my case find answer here. http://stackoverflow.com/a/34787953/3840428 — Nagarjun, Jan 14 '16 at 11:06

score 152 · Accepted Answer · edited Jul 25 '17 at 07:53

152

For the iOS9, Apple made a radical decision with iOS 9, disabling all unsecured HTTP traffic from iOS apps, as a part of App Transport Security (ATS).

To simply disable ATS, you can follow this steps by open Info.plist, and add the following lines:

<key>NSAppTransportSecurity</key>
  <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
  </dict>

edited Jul 25 '17 at 07:53

Stéphane Bruckert

21,706
14
92
130

answered Sep 24 '15 at 08:06

Tony TRAN

2,118
1
15
16

54

I added above lines in plist, but still getting following error: An SSL error has occurred and a secure connection to the server cannot be made. NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9819 I am calling HTTPS request. Is there any other option for HTTPS? – AiOsN Oct 28 '15 at 17:57
2

AiOsN = same problem here, did you found a solution? – Franck Feb 05 '16 at 14:04
8

It seems to be a common misinterpretation, that NSAllowsArbitraryLoads is a switch to enable or disable ATS. As soon as you are doing a https:// request, you must ensure, that you meet the ATS-requirements: a valid certificate installed on the server (without wildcard, exactly matching the server's domain name), server supports TLS 1.2 with forward secrecy. – Christian May 04 '16 at 06:54
@Christian What's the source of these ATS requirements? I can't find anything about not supporting wildcard certificates. – Bart Oct 13 '16 at 10:59
@Bartosz Sorry, I cannot point you to an official document, it's just something that we have observed when updating our server infrastructure. – Christian Oct 20 '16 at 06:12
I updated the link, seem like Apple removed the old official document link. – Tony TRAN Oct 21 '16 at 04:26
@AiOsN I have added NSAllowsArbitraryLoads to the plist, But still getting the error 'an SSL error has occurred and a secure connection to the server cannot be made' in some networks. Adding my server's domain to 'NSExceptionDomains' will solve the problem? I'm using iOS11 – Ashok Dec 19 '17 at 06:57
Its 2023 and this still work – Koder 228 Aug 01 '23 at 17:43

score 77 · Answer 2 · answered Sep 29 '15 at 22:15

77

Even though allowing arbitrary loads (NSAllowsArbitraryLoads = true) is a good workaround, you shouldn't entirely disable ATS but rather enable the HTTP connection you want to allow:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

answered Sep 29 '15 at 22:15

Stéphane Bruckert

21,706
14
92
130

2

Much better than ignoring all security problems. Amazon's S3 service uses weak encryption, and loading directly to their servers was causing problems, but this allowed us to open just the s3.amazonaws.com url, keeping the rest inline. Awesome! – mix3d Dec 04 '15 at 20:45
3

The server I was trying to reach was using TLSv1.0. I had to add NSExceptionMinimumTLSVersion for tls1.0 to bypass the SLL error – Ispas Claudiu Nov 01 '18 at 16:53
This answer worked for me. I was using a WKWebView and trying to make an SSL request to the API server. – Fan Jin Nov 01 '18 at 17:25
Hi @Stéphane, I got strange situation. My phone is having iOS version 12.1.2, but I got error "An SSL error has occurred and a secure connection to the server cannot be made". What I did is updated my plist file. App run fine and again I removed the changes I made in info.plist. Now It's running fine. So, I am not able to find the actual reason for this error. Any suggestion? – Mansuu.... Jan 28 '19 at 06:31
@Mansuu.... did you try to use TLSv1.0 as suggested in the comments above? – Stéphane Bruckert Feb 01 '19 at 16:46
@StéphaneBruckert Yes I updated my plist file as suggested above(NSTemporaryExceptionMinimumTLSVersion - TLS V1.0"). My app run fine then I removed that "NSTemporaryExceptionMinimumTLSVersion - TLS V1.0" entry I made but still app runs fine. So I could not find the reason why is it happening. – Mansuu.... Feb 04 '19 at 05:40
I have this config in my info.plist, but still two (out of hundreds of devices) fail to connect to my API, returning "An SSL error has occurred and a secure connection to the server cannot be made". – thomasgalliker Jul 27 '20 at 22:00

score 19 · Answer 3 · edited Feb 19 '16 at 15:30

19

If you are just targeting specific domains you can try and add this in your application's Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

edited Feb 19 '16 at 15:30

emotality

12,795
4
39
60

answered Nov 10 '15 at 21:40

Nathan Noble

806
7
14

1

This did not work for me. Yes, I put the correct domain in for "example.com". – Alyoshak Mar 10 '17 at 22:19
1

It's work for me. when I did the exemple only with the "Allow Arbitrary Loads" works but after stopped. When I used the key "NSExceptionRequiresForwardSecrecy" -> false and "NSIncludesSubdomains" -> true it works perfectly. Thanks a lot! – linhadiretalipe Mar 20 '17 at 11:25
1

This worked for me as well! Even though I am using https connection, I still faced the issue. There is no support for 'NSExceptionRequiresForwardSecrecy' currently. From what I read, this was not necessary to specify earlier, but looks like they have made this mandatory now as well. PS: I was trying with iOS 10.2.1 – Vaibhav Misra Apr 19 '17 at 07:49

score 15 · Answer 4 · answered Oct 01 '15 at 08:00

15

iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

*referenced to App Transport Security (ATS)

answered Oct 01 '15 at 08:00

TechSeeko

1,521
10
19

1

For Swift 4+, App Transport Security Settings -> Allow Arbitrary Loads = YES – mehdigriche Nov 21 '19 at 15:34

steve · Answer 5 · 2015-10-05T19:10:26.003

It appears that iOS 9.0.2 breaks requests to valid HTTPS endpoints. My current suspicion is that it is requiring SHA-256 certs or it fails with this error.

To reproduce, inspect your UIWebView with safari, and try navigating to an arbitrary HTTPS endpoint:

location.href = "https://d37gvrvc0wt4s1.cloudfront.net/js/v1.4/rollbar.min.js"
// [Error] Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. (rollbar.min.js, line 0)

Now try going to google (because of course they have a SHA-256 cert):

location.href = "https://google.com"
// no problemo

Adding an exception to transport security (as outlined by @stéphane-bruckert's answer above) works to fix this. I also assume that completely disabling NSAppTransportSecurity would work too, though I've read that completely disabling it can jeopardize your app review.

[EDIT] I've found that simply enumerating the domains I'm connecting to in the NSExceptionDomains dict fixes this problem, even when leaving NSExceptionAllowsInsecureHTTPLoads set to true. :\

score 2 · Answer 6 · answered Oct 01 '15 at 11:37

2

The problem is the ssl certificate on server side. Either something is interfering or the certificate doesn't match the service. For instance when a site has a ssl cert for www.mydomain.com while the service you use runs on myservice.mydomain.com. That is a different machine.

answered Oct 01 '15 at 11:37

Helge Becker

3,219
1
20
33

I am gettng the problem with some urls but not others at the same ip address (domain and server) – user6631314 Jul 03 '18 at 20:20

score 2 · Answer 7 · answered Mar 10 '16 at 20:13

2

I get the same error when I specify my HTTPS URL as : https://www.mywebsite.com . However it works fine when I specify it without the three W's as : https://mywebsite.com .

answered Mar 10 '16 at 20:13

Hashim Akhtar

813
2
11
16

score 2 · Answer 8 · answered Apr 12 '22 at 17:33

2

In my case I had network sniffing apps such as Charles Proxy or Proxyman open.

answered Apr 12 '22 at 17:33

Genki

3,055
2
29
42

1

Thankyou!!!! I had Proxyman open, and this confused the hell out me – Tony Sep 11 '22 at 09:14

score 1 · Answer 9 · answered Apr 26 '19 at 05:47

1

In my case I faced this issue in my simulator because my computer's date was behind of current date. So do check this case too when you face SSL error.

answered Apr 26 '19 at 05:47

Teena nath Paul

2,219
23
28

score 1 · Answer 10 · answered Jun 25 '20 at 21:19

I was getting below error on playback

finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://remote-abcabc-svc.an.abc.com:1935/abr/_definst_/smil:v2/video/492F2F82592F59EA74ABAA6B9D6E6F42/F6B1BD452132329FBACD32730862CAE0/091EAD80FE9BEDD52A2F33840CA3CBAC.v3.eng.smil/playlist.m3u8, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <692A1174-DA1C-4267-9560-9020A79F8458>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <692A1174-DA1C-4267-9560-9020A79F8458>

I made sure that I added entry in exception domains in plist file and NSAllowsArbitraryLoads is set to true and still I was seeing an error.

Then I realized that I am playing URL with https and not http.

I set video url to http and problem solved.

score 0 · Answer 11 · answered Oct 24 '16 at 09:42

0

Xcode project -> goto info.plist and Click + Button then Add (App Transport Security Settings)Expand, Allow Arbitrary Loads Set YES. Thanks

answered Oct 24 '16 at 09:42

Shanmugasundharam

2,082
23
32

@AbdulYasin check your plist and check weather changes are updated or not ? – Shanmugasundharam Apr 14 '17 at 09:33
2

This "laid back" answer totally omits the explanation and security risks associated with this workaround. – Manuel Oct 31 '19 at 23:50

score 0 · Answer 12 · answered May 09 '18 at 06:37

0

My issue was NSURLConnection and that was deprecated in iOS9 so i changed all the API to NSURLSession and that fixed my problem.

NSURLConnection deprecated in iOS9

answered May 09 '18 at 06:37

ajw

2,568
23
27

score 0 · Answer 13 · answered Jul 02 '20 at 12:33

0

I was getting this error for some network calls and not others. I was connected to a public wifi. That free wifi seemed to bee tampering with certain URLs and hence the error.

When I connected to LTE that error went away!

answered Jul 02 '20 at 12:33

mfaani

33,269
19
164
293

score 0 · Answer 14 · answered Jan 11 '22 at 09:17

Using this site, I entered the address of the server to which I made the request and added the generated SHA key to the info.plist.

https://www.ssllabs.com/ssltest/index.html

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSPinnedDomains</key>
        <dict>
            <key>Your domain here (www.api.com)</key>
            <dict>
                <key>NSPinnedLeafIdentities</key>
                <array>
                    <dict>
                        <key>SPKI-SHA256-BASE64</key>
                        <string>******pfbtB5iNouq********rC8Nrb+AmLFKxV7qgM=</string>
                    </dict>
                </array>
            </dict>
        </dict>
    </dict>

iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

14 Answers14

Linked