1

I am having a problem since upgrading to Xcode 8 from 7.3.1.
I am behind a proxy at work and the simulator will not make any connections to web services though my app although Safari on the simulator works.
Everything works fine when I try outside the proxy and it works fine with 7.3.1.

Does anyone now of any changes with Xcode 8 & iOS 10 that I need to make?

boraseoksoon
  • 2,164
  • 1
  • 20
  • 25
inosu812
  • 101
  • 2
  • 9
  • Try this: http://stackoverflow.com/questions/31254725/transport-security-has-blocked-a-cleartext-http – Jake Sep 29 '16 at 15:56
  • Thanks Jake. The Allow Arbitrary Loads was already set and I just whitelisted the domains but it still doesn't work. – inosu812 Sep 30 '16 at 12:38

1 Answers1

1

The Simulator runs a separate iOS/watchOS/tvOS userspace but shares the host macOS kernel. NSURLSession in the Simulator has its own cache but uses the host socket layer.

Try the relevant URI in Safari in the Simulator and see what you get. If your proxy is performing a man-in-the-middle attack on SSL connections they will be rejected as invalid. If your proxy requires authentication it won't work because the Simulator keychain is separate from the host keychain (though this was done in Xcode 7 so it isn't new).

FTW: We do not recommend that proxies MITM SSL connections; that leaves you dangerously exposed to attackers operating inside the corporate firewall, which is extremely common these days thanks to phishing attacks.

We also highly recommend that you limit ATS exceptions to the absolute minimum required. If your webservice is using insecure SSL settings you should upgrade your webservice, rather than down-grading your users to vulnerable connections. If there is only one or two third-party hosts you need to connect to, limit your ATS exceptions to just those hosts.

If none of this helps please file a bug at https://bugreporter.apple.com. Include the output of sysdiagnose and ~/Library/Logs/CoreSimulator.

russbishop
  • 16,587
  • 7
  • 61
  • 74
  • How to make the Simulator use system keychain/or ask and remember password? Providing password in plain text inside connection:willSendRequestForAuthenticationChallenge (or relevant NSURLSession callback) does not sound like a great solution (althout it works..) – Mindaugas May 16 '17 at 07:04
  • You can authenticate in the Simulator for standard HTTP authentication challenges, it is authenticated proxies that don't currently work. – russbishop May 16 '17 at 16:53