
iOS 9 ATS SSL error with supporting server


Apple has released the full requirements list for App Transport Security.

Turned out that we were working with TLS v1.2 but were missing some of the other requirements.

Here's the full checklist:

  1. TLS requires at least version 1.2.
  2. Connection ciphers are limited to those that provide forward secrecy (see below for the list of ciphers.)
  3. The service requires a certificate using at least a SHA256 fingerprint with either a 2048-bit or greater RSA key, or a 256-bit or greater Elliptic-Curve (ECC) key.
  4. Invalid certificates result in a hard failure and no connection.

The accepted ciphers are:

    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA


In iOS 9, Apple added a new feature called App Transport Security (ATS).

ATS enforces best practices during network calls, including the use of HTTPS.

Apple Pre-release documentation:

ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one.

If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible.

Add the key below to your info.plist and then see.

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>

You can even add a specific exception:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>testdomain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <false/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <false/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
                <false/>
                <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
                <true/>
                <key>NSThirdPartyExceptionMinimumTLSVersion</key>
                <string>TLSv1.2</string>
                <key>NSRequiresCertificateTransparency</key>
                <false/>
            </dict>
            ...
        </dict>
    </dict>


Check out this doc that Apple provided.

I had a similar issue at runtime on iOS 9, and what I did to fix it was add the NSAppTransportSecurity dictionary to my info.plist file with the NSAllowsArbitraryLoads Bool set to true; after cleaning and rebuilding, it worked.

I hope this helps!