kCFStreamErrorDomainSSL，-9802在iOS 9中通过HTTPS通过IP地址连接到服务器时 [英] kCFStreamErrorDomainSSL, -9802 when connecting to a server by IP address through HTTPS in iOS 9

问题描述

我们有一个iOS应用程序通过HTTPS连接到我们的服务器。当使用新的iOS 9 SDK构建应用程序并在iOS 9下运行时，会发生以下错误：

We have an iOS app that connects to our server through HTTPS. When the app is built with the new iOS 9 SDK and ran under iOS 9, the following error occurs:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

该应用程序使用带有固定证书的AFNetworking 1.3.4。如果我使用其IP地址连接到服务器，则会出现此问题。如果我添加 NSAllowsArbitraryLoads ，它会起作用配置，或者如果我用其域名连接到服务器。

The app uses AFNetworking 1.3.4 with pinned certs. The problem occurs if I connect to the server with its IP address. It works if I add the NSAllowsArbitraryLoads config, or if I connect to the server with its domain name.

Tomcat连接器配置了sslEnabledProtocols =TLSv1，TLSv1.1，TLSv1.2。

The Tomcat connector is configured with sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2".

我试过覆盖主机名但似乎没有任何改变。

I have tried overriding the host name but it doesn't seem to change anything.

我还没有找到关于ATS的官方文档。也许连接IP地址不起作用？

I can't find much official documentation on ATS yet. Maybe connecting with IP address is not supposed to work?

推荐答案

iOS9要求服务器只支持TLSv1.2并支持完美转发安全。

iOS9 requires the server to only support TLSv1.2 and support perfect forward security.

此外，还需要应用程序支持IPV6，包括不使用硬编码的IP地址。建议使用 NSURLSession 。否则，必须在app plist中添加异常。

Also required is for the app to support IPV6 including not using hard-coded IP addresses. Suggested is to use NSURLSession. Otherwise exception additions must be made in the app plist.

请参阅WWDC-15会话安全性和您的应用程序。

See the WWDC-15 session "Security and your Apps".

另见 Steven Peterson的博客了解详情。

这篇关于kCFStreamErrorDomainSSL，-9802在iOS 9中通过HTTPS通过IP地址连接到服务器时的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！