6

I'm experiencing an issue with my newly installed Xcode 7 where even after installing an SSL certificate on the iOS simulators through Charles (Help > SSL Proxying > Install Charles Root Certificate in iOS Simulators), and explicitly allowing the domain of the server I'm querying in Charles, any attempts to listen in on SSL traffic results in failed connection.

Charles reports the following error:

SSLHandshake: Remote host closed connection during handshake You may need to configure your browser or application to trust the Charles Root Certificate. See SSL Proxying in the Help menu.

Xcode console reports:

2015-09-23 11:29:44.173 Citifyd[8352:449043] Error in registration. Error: Error Domain=NSCocoaErrorDomain Code=3010 "REMOTE_NOTIFICATION_SIMULATOR_NOT_SUPPORTED_NSERROR_DESCRIPTION" UserInfo={NSLocalizedDescription=REMOTE_NOTIFICATION_SIMULATOR_NOT_SUPPORTED_NSERROR_DESCRIPTION} 2015-09-23 11:29:44.483 Citifyd[8352:449381] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) 2015-09-23 11:29:44.509 Citifyd[8352:449043] API ERRROR Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."

Things worked fine in Xcode 6 under the same setup - anyone have any ideas?

mokagio
  • 16,391
  • 3
  • 51
  • 58
Dave Cole
  • 2,446
  • 2
  • 20
  • 26

1 Answers1

10

I solved the issue based on this thread: https://forums.developer.apple.com/thread/4988

iOS 9 (which the Xcode 7 emulators run) has stricter requirements for SSL transport - from user "Poets" in the above thread:

iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:

<key>NSAppTransportSecurity</key>  
  <dict>  
  <key>NSAllowsArbitraryLoads</key>  
  <true/>  
</dict>

This enables Charles to show you unencrypted traffic when using iOS 9 emulators. You'll likely want to disable this once you distribute your apps.

mokagio
  • 16,391
  • 3
  • 51
  • 58
Dave Cole
  • 2,446
  • 2
  • 20
  • 26
  • 1
    This is the only solution I found too. It's a little bit of a pain having to remember to remove this before building for the AppStore. – Zoltán Sep 29 '15 at 19:59
  • 1
    This one opens the HTTP for all the domains which is dangerous. You can specify to allow only your own development server and you can also specify the TLS version. Detailed answer is [here](http://stackoverflow.com/a/31254874/1051215) – Ramaraj T Oct 14 '15 at 05:47
  • Thanks. In general my solution for maintaining iOS apps is: when something breaks apply any "this is dangerous" advice for fixing it, then when I have time to dick around create a new project with default settings and bring the old code into it and do what is actually needed – William Entriken Dec 17 '15 at 21:23