15

I'm updating my app to accommodate Apple's new ATS. Without any changes to the Plist-Info, the following code throws an error at sendSynchronousRequest() in a vanilla iOS 9 simulator.

NSURL *url = [NSURL URLWithString:@"https://Google.com"];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc] init];
[request setHTTPMethod:@"GET"];
[request setURL:url];

NSURLResponse *urlResponse = nil;
NSError *error = nil;
// Fails here under ATS with the error shown below
NSData *response = [NSURLConnection sendSynchronousRequest:request
                                         returningResponse:&urlResponse
                                                     error:&error];

Error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Any thoughts as to what might be behind this issue?

PS: I understand that NSURLConnection is deprecated. But this invocation works fine if I add AllowArbitraryLoads in Plist.

Amit
Vignesh Murugesan

6 Answers

14

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) corresponds to the server not supporting "Forward Secrecy".

To work around this, add a domain exception to the .plist file as follows:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>test.testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>
kalpesh
Vignesh Murugesan
  • After adding the above code in the plist, I'm getting the same error NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) error=Optional(Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." – Yalamandarao Aug 18 '16 at 17:16
  • I am still facing the issue; have you guys found the solution? – Sanju Jan 10 '17 at 09:43
  • Doesn't work. Shall I use test.testdomain.com or something like: test.testdomain.com/some/path/here – Josh Jan 23 '17 at 15:41
  • I faced the same issue even after adding the above steps. – Nirmalsinh Rathod Mar 02 '17 at 03:58
9

Add a new row in your plist file.

pkc456
6

I added this code in the info.plist to allow any HTTP request:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

This article lists all the changes made by Apple for iOS 9 and their implementations:

http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

delarcomarta
1

Add the following to the info.plist file. And replace 'My_Base_Url.com' with your web service link's base url. This should do the trick.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>My_Base_Url.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
    </dict>
</dict>
Lazy
1

If your app includes an H5 page, it will sometimes also have this error.
Fixing it requires not only turning on Allow Arbitrary Loads but also adding the code below in your appDelegate.m:


@implementation NSURLRequest(ATS)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end
scorpiozj
0

According to this: https://forums.developer.apple.com/message/36842#36842

The correct exception to fix HTTP load failed (kCFStreamErrorDomainSSL, -9802) is:

NSExceptionAllowsInsecureHTTPLoads 
spirographer
  • That case is interesting - thanks for sharing. In my case, this error was due to server not supporting forward secrecy. We ultimately fixed the cipher suite list in our server end to support FwSec and that fixed the app (and exception '..ExceptionRequiresForwardSecrecy' was no longer needed). – Vignesh Murugesan Sep 29 '15 at 14:37
  • Our case was due to having a self signed certificate in our test virtual machine. – spirographer Sep 30 '15 at 01:58
  • @spirographer - so how did you get your self-signed certificate on your VM to work? – ness-EE Feb 21 '16 at 15:18
  • @ness-EE I totally recommend using https://letsencrypt.org/ now that they are launched. That way you don't need any exceptions to support VM differently than production. – spirographer Feb 22 '16 at 23:01
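
The answers above relax different parts of ATS (forward secrecy, cleartext HTTP, or everything at once). As an added example, not code from any of the posts, the following Python sketch audits an Info.plist and reports which protection each exception gives up and for which scope. `audit_ats`, `WEAKENING` and `OLD_TLS` are hypothetical names, and `SAMPLE` is a constructed plist merged from the snippets in the answers.

```python
import plistlib

# Constructed sample: ATS settings merged from the snippets posted in the answers.
SAMPLE = plistlib.dumps({"NSAppTransportSecurity": {
    "NSAllowsArbitraryLoads": True,
    "NSExceptionDomains": {
        "test.testdomain.com": {
            "NSIncludesSubdomains": True,
            "NSTemporaryExceptionRequiresForwardSecrecy": False},
        "My_Base_Url.com": {
            "NSExceptionAllowsInsecureHTTPLoads": True,
            "NSExceptionMinimumTLSVersion": "TLSv1.2",
            "NSExceptionRequiresForwardSecrecy": True},
    }}})

# Key suffix -> (value that relaxes ATS, what is given up). Matching on the suffix
# covers the NSException*, NSTemporaryException* and NSThirdPartyException* forms.
WEAKENING = {
    "AllowsInsecureHTTPLoads": (True, "cleartext HTTP allowed"),
    "RequiresForwardSecrecy": (False, "non-forward-secret cipher suites accepted"),
}
OLD_TLS = ("TLSv1.0", "TLSv1.1")


def audit_ats(plist_bytes):
    """Return sorted (scope, key, finding) tuples for each setting that relaxes ATS."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("*", "NSAllowsArbitraryLoads",
                         "ATS off for every domain without its own exception entry"))
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (+subdomains)" if cfg.get("NSIncludesSubdomains") else "")
        for key, value in cfg.items():
            for suffix, (bad, why) in WEAKENING.items():
                if key.endswith(suffix) and value is bad:
                    findings.append((scope, key, why))
            if key.endswith("MinimumTLSVersion") and value in OLD_TLS:
                findings.append((scope, key, "TLS below 1.2 accepted: " + value))
    return sorted(findings)


if __name__ == "__main__":
    for scope, key, why in audit_ats(SAMPLE):
        print(f"{scope}: {key} -> {why}")
```

Running it against a release build's Info.plist shows at a glance whether a narrow per-domain exception or a global opt-out shipped.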