I have an iOS 10 TLS issue (“Security Error: -9801”).

Posted 2019-07-26 23:23

I have an app which connects to an SSL SOAP service. On iOS 9.3.5 the app works fine. From iOS 10 I get an error with code -9801. I suppose this is connected to Apple ATS. The site certificate is configured for TLS 1.0 (but I cannot manage the certificate configuration).

How can I fix this? I suppose I have to add it as an exception in .plist file.

I also ran a check with www.ssllabs.com, and for the section Apple ATS 9 / iOS 9 R it gives the error:

Protocol or cipher suite mismatch

but on iOS 9 it works.

EDIT:

I added the domain to the ATS exceptions (in Info.plist) but the error persists.

3 Answers
smile是对你的礼貌
#2 · 2019-07-26 23:58

Use ATS diagnostics mode in nscurl to get suggested content of ATS dictionary:

    nscurl --ats-diagnostics https://yourdomain.com --verbose

不美不萌又怎样
#3 · 2019-07-27 00:05

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

Add these key-values to your Info.plist; this means it will allow all kinds of loads. If you have a specific domain, then you should add that specific domain in Info.plist.

Update:

If you need a secure connection, then you should manage your Info.plist like this:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourdomain.com</key>
            <dict>
                <!--Include to allow subdomains-->
                <key>NSIncludesSubdomains</key>
                <true/>
                <!--Include to allow HTTP requests-->
                <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                <true/>
                <!--Include to specify minimum TLS version-->
                <key>NSTemporaryExceptionMinimumTLSVersion</key>
                <string>TLSv1.1</string>
            </dict>
        </dict>
    </dict>

Or you should use a web service which has SSL integrated!

淡お忘
#4 · 2019-07-27 00:08

I found a temporary workaround, but I will continue the investigation of the TLS certificate configuration.

I added the URL for our service to the ATS exceptions (more info here). Then I found out that the ATS configuration has changed in iOS 10 and the exception must be written as TSLv1.0 instead of 1.0 (I used an exception example for another site and inside it was 1.0) - 10x to this answer.

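An added example, not part of the original question or answers: a small Python check that parses an Info.plist and lists every way its ATS dictionary weakens the defaults, including a minimum-version string written without its prefix (the `1.0` mistake mentioned in the last answer). The sample plist and `example.com` are constructed, and `audit_ats` is a hypothetical helper name.

```python
import plistlib

# Constructed sample Info.plist for illustration; example.com is a placeholder domain.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key><dict>
  <key>NSAllowsArbitraryLoads</key><true/>
  <key>NSExceptionDomains</key><dict>
    <key>example.com</key><dict>
      <key>NSIncludesSubdomains</key><true/>
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key><true/>
      <key>NSExceptionMinimumTLSVersion</key><string>1.0</string>
    </dict>
  </dict>
</dict>
</dict></plist>"""

VALID_TLS = ("TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# Current key prefix, plus the older NSTemporary* spelling used in the answer above.
PREFIXES = ("NSException", "NSTemporaryException")

def audit_ats(plist_bytes):
    """Return (scope, finding) tuples for each ATS weakening found in the plist."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append(("*", "ATS disabled for every domain without its own exception"))
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        for key, value in exc.items():
            suffix = next((key[len(p):] for p in PREFIXES if key.startswith(p)), None)
            if suffix is None:
                continue  # e.g. NSIncludesSubdomains: scope only, not a weakening
            if key.startswith("NSTemporary"):
                findings.append((domain, f"older key spelling {key}"))
            if suffix == "AllowsInsecureHTTPLoads" and value:
                findings.append((domain, "cleartext HTTP allowed"))
            elif suffix == "MinimumTLSVersion":
                if value not in VALID_TLS:
                    findings.append((domain, f"invalid TLS version string {value!r}"))
                elif value < "TLSv1.2":  # ATS default floor is TLS 1.2
                    findings.append((domain, f"TLS floor lowered to {value}"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_ats(SAMPLE):
        print(f"{scope}: {finding}")
```

Running it against an app's built Info.plist before release shows which exceptions are still present once the server side has been moved to TLS 1.2.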