CFNetwork SSLHandshake iOS 9失败 [英] CFNetwork SSLHandshake failed iOS 9

问题描述

有iOS 9 beta 1的人有这个问题吗？

has anyone with the iOS 9 beta 1 had this issue?

我使用标准NSURLConnection连接到web服务，一旦调用webservice，就会出现以下错误。这个目前在iOS 8.3中工作

I use standard NSURLConnection to connect to a webservice and as soon as a call is made to the webservice i get the below error. This is currently working in iOS 8.3

可能的beta bug？任何想法或想法都会很棒！我知道它在iOS 9开发的早期阶段

Possible beta bug? any ideas or thoughts would be great ! I know its very early in iOS 9 development

这是完整的错误：

CFNetwork SSLHandshake失败（-9824）
NSURLSession / NSURLConnection HTTP加载失败（kCFStreamErrorDomainSSL，-9824）

CFNetwork SSLHandshake failed (-9824) NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

 NSURLRequest * urlRequest = [NSURLRequest requestWithURL:[NSURL URLWithString:@"https://mywebserviceurl"]];
        NSURLResponse * response = nil;
        NSError * error = nil;
        NSData * data = [NSURLConnection sendSynchronousRequest:urlRequest
                                                  returningResponse:&response
                                                              error:&error];

推荐答案

iOS 9和OSX 10.11需要TLSv1.2 SSL才能使用除非您在应用的Info.plist文件中指定例外域，否则您计划从中请求数据的所有主机。

iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app's Info.plist file.

Info.plist配置的语法如下所示：

The syntax for the Info.plist configuration looks like this:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow insecure HTTP requests-->
      <key>NSExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

如果您的应用程序（例如第三方Web浏览器）需要连接到任意主机，您可以这样配置：

If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it like this:

<key>NSAppTransportSecurity</key>
<dict>
    <!--Connect to anything (this is probably BAD)-->
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

如果你不得不这样做，最好更新服务器以使用TLSv1.2和SSL，如果他们还没有这样做。这应该被视为一种临时解决方法。

If you're having to do this, it's probably best to update your servers to use TLSv1.2 and SSL, if they're not already doing so. This should be considered a temporary workaround.

截至今天，预发布文档没有以任何特定方式提及任何这些配置选项。一旦完成，我将更新答案以链接到相关文档。

As of today, the prerelease documentation makes no mention of any of these configuration options in any specific way. Once it does, I'll update the answer to link to the relevant documentation.

这篇关于CFNetwork SSLHandshake iOS 9失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！