kCFStreamErrorDomainSSL, -9802 when connecting to a server by IP address through HTTPS in iOS 9

ios iphone afnetworking ios9 app-transport-security
Ryan Fung picture Ryan Fung · Jun 11, 2015 · Viewed 31.9k times · Source

We have an iOS app that connects to our server through HTTPS. When the app is built with the new iOS 9 SDK and ran under iOS 9, the following error occurs:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

The app uses AFNetworking 1.3.4 with pinned certs. The problem occurs if I connect to the server with its IP address. It works if I add the NSAllowsArbitraryLoads config, or if I connect to the server with its domain name.

The Tomcat connector is configured with sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2".

I have tried overriding the host name but it doesn't seem to change anything.

I can't find much official documentation on ATS yet. Maybe connecting with IP address is not supposed to work?

Answer

zaph picture zaph · Jun 11, 2015

iOS9 requires the server to only support TLSv1.2 and support perfect forward security.

Also required is for the app to support IPV6 including not using hard-coded IP addresses. Suggested is to use NSURLSession. Otherwise exception additions must be made in the app plist.

See the WWDC-15 session "Security and your Apps".

Also see Steven Peterson's Blog for details.

Related questions

List saved files in iOS documents directory in a UITableView?

I have set up the following code to save a file to the documents directory: NSLog(@"Saving File..."); NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:@"http://www.reddexuk.com/logo.png"]]; AFHTTPRequestOperation *operation = [[[AFHTTPRequestOperation alloc] initWithRequest:request] autorelease]; NSArray *paths = NSSearchPathForDirectoriesInDomains(…

Read More
AFNetworking 2.0 add headers to GET request

I've just started using AFNetworking 2.0 and I was wondering how I put in headers into a HTTP Get request. The documentation sets up a GET like this: AFHTTPRequestOperationManager *manager = [AFHTTPRequestOperationManager manager]; NSDictionary *parameters = @{@"foo": @"bar"}; [manager POST:@"http://example.com/…

Read More
AFNetworking 2.0 Reachability

I am trying to determine if the user is connected to the internet by using AFNetworking 2.0 and the "AFNetworkReachabilityManager", but it doesen't seem to work. It's always return that there is a valid internet connection, even though the internet is …

Read More