You run this code:
let URL = "https://www.nasa.gov/sites/default/files/wave_earth_mosaic_3.jpg"
let imageData = NSData(contentsOfURL: NSURL(string: URL)!)
UIImage(data: imageData!)
and you get this:
2015-09-11 16:33:47.433 Cassini[21200:447896]
NSURLSession/NSURLConnection HTTP load failed
(kCFStreamErrorDomainSSL, -9802)
Digging a bit deeper shows that the certificate is signed with SHA-1.
maximveksler$ openssl s_client -connect www.nasa.gov:443 < /dev/null 2>/dev/null | openssl x509 -text -in /dev/stdin | grep "Signature Algorithm"
Signature Algorithm: sha1WithRSAEncryption
Signature Algorithm: sha1WithRSAEncryption
So as of Sep 11, 2015, NASA is using an insecure connection. Now what?
Why did it happen?
Because using the insecure web is bad for your users' privacy.
Beginning with iOS 9, Apple enforces secure connections for any resource your app accesses via HTTP. This means that the server you are connecting to needs to follow up-to-date secure connection best practices.
As of Sep 2015, these include:
- Use HTTPS (and not plain HTTP)
- Sign the certificate using SHA-2
- Use Forward Secrecy
More info can be found in the App Transport Security Technote.
What can you do?
Manage your own servers? Fix them! Make sure they are strong and secure. You can verify that your server is good by testing it online with shaaaaaaaaaaaaa.com or locally with any of the methods outlined here.
If you are connecting to other servers, there are options to "whitelist" problematic resources, but this is discouraged.
Decrease security of a specific URL
Go to your Info.plist and add the following entries:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>www.nasa.gov</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>
Globally turn off App Transport Security
Note: this is a really, really bad idea.
Go to your Info.plist and add the following entries:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>