CFNetwork SSLHandshake 失败 iOS 9 [英] CFNetwork SSLHandshake failed iOS 9

问题描述

使用 iOS 9 beta 1 的人有遇到过这个问题吗?

has anyone with the iOS 9 beta 1 had this issue?

我使用标准 NSURLConnection 连接到网络服务，一旦调用网络服务，我就会收到以下错误.目前适用于 iOS 8.3

I use standard NSURLConnection to connect to a webservice and as soon as a call is made to the webservice i get the below error. This is currently working in iOS 8.3

可能的测试版错误?任何想法或想法都会很棒！我知道它在 iOS 9 开发的早期

Possible beta bug? any ideas or thoughts would be great ! I know its very early in iOS 9 development

这里是完整的错误:

CFNetwork SSLHandshake 失败 (-9824)NSURLSession/NSURLConnection HTTP 加载失败 (kCFStreamErrorDomainSSL, -9824)

CFNetwork SSLHandshake failed (-9824) NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

 NSURLRequest * urlRequest = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://mywebserviceurl"]];
        NSURLResponse * response = nil;
        NSError * error = nil;
        NSData * data = [NSURLConnection sendSynchronousRequest:urlRequest
                                                  returningResponse:&response
                                                              error:&error];

推荐答案

iOS 9 和 OSX 10.11 要求所有您计划从中请求数据的主机使用 TLSv1.2 SSL，除非您在应用的 Info.plist 文件中指定异常域.

iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app's Info.plist file.

Info.plist 配置的语法如下所示:

The syntax for the Info.plist configuration looks like this:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow insecure HTTP requests-->
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

如果您的应用程序(例如第三方网络浏览器)需要连接到任意主机，您可以这样配置:

If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it like this:

<key>NSAppTransportSecurity</key>
<dict>
    <!--Connect to anything (this is probably BAD)-->
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

如果您必须这样做，最好更新您的服务器以使用 TLSv1.2 和 SSL，如果他们还没有这样做的话.这应该被视为一种临时解决方法.

If you're having to do this, it's probably best to update your servers to use TLSv1.2 and SSL, if they're not already doing so. This should be considered a temporary workaround.

截至今天，预发布文档未以任何特定方式提及任何这些配置选项.完成后，我将更新答案以链接到相关文档.

As of today, the prerelease documentation makes no mention of any of these configuration options in any specific way. Once it does, I'll update the answer to link to the relevant documentation.

这篇关于CFNetwork SSLHandshake 失败 iOS 9的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！