TLS handshake problem with AWS certificate

Hi


I'm using an iPhone X with iOS 13.1 to test my app, but when I try to call my backend, deployed on AWS and covered by an AWS certificate, the app throws this error:


2019-10-01 15:29:04.099537+0200 CopApp[2120:565037] [] tcp_input [C2.1:3] flags=[R.] seq=1248880982, ack=548775464, win=28408 state=ESTABLISHED rcv_nxt=1248880982, snd_una=548775464

2019-10-01 15:29:04.104758+0200 CopApp[2120:565037] Connection 2: received failure notification

2019-10-01 15:29:04.104938+0200 CopApp[2120:565037] Connection 2: received ECONNRESET with incomplete TLS handshake - generating errSSLClosedNoNotify

2019-10-01 15:29:04.105080+0200 CopApp[2120:565037] Connection 2: failed to connect 3:-9816, reason -1

2019-10-01 15:29:04.105289+0200 CopApp[2120:565037] Connection 2: encountered error(3:-9816)


I don't know why this error is returned, because I read all of Apple's new certificate policies and it seems that AWS certificates completely fulfill them.


Can you help me?


Thanks

Replies

There could be a lot going on here, but to try and gather more information on where the error is taking place, try performing the following:


  1. Double check that you are using a TLS server certificate that meets the iOS 13 minimum requirements on your server. Based upon the error code errSSLClosedNoNotify, the server looks to be closing the SSL session due to a TLS handshake negotiation failure between the server and client. This usually means that there was an error negotiating one of these three things: the version of TLS used in the handshake, the cryptographic algorithms used in the handshake, or the validation of certificates exchanged during the handshake. Not taking advantage of the enhanced security requirements in iOS 13 would have an impact on this handshake negotiation.
  2. Check with your server team to see if they are able to help you with debug level SSL logs on the server to pinpoint where the handshake negotiation is failing.


This should give you more information on where the handshake error could be taking place.

The error code here, -9816, translates to errSSLClosedNoNotify. This means the server closed the TCP connection halfway through the TLS handshake. It’s possible that’s because of an error on the client, but it’s more likely that this is an error on the server. Regardless, you need to run an investigation on the server to find out what it’s grumpy about.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
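
An added example, not part of any reply in this thread: a small client-side probe that separates the case discussed above (the peer closes or resets the TCP connection mid-handshake with no TLS alert, which iOS logs as errSSLClosedNoNotify) from a handshake the server rejects with an explicit alert or one the client rejects over the certificate. The function names and the local stub server are constructed for illustration; point `classify_handshake` at your own host and port.

```python
import socket, ssl, struct, threading

# TLS record: type 21 (alert), version 3.3, length 2, level fatal(2), handshake_failure(40)
ALERT_HANDSHAKE_FAILURE = bytes.fromhex("15030300020228")

def classify_handshake(host, port, timeout=5.0):
    """Attempt one TLS handshake and report how it ended, from the client's view."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as e:
        return "client_rejected_certificate", e.verify_message
    except (ssl.SSLEOFError, ConnectionError) as e:
        # TCP closed or reset with no TLS alert: the errSSLClosedNoNotify (-9816) case.
        # The client learns nothing more; the reason is only in the server's logs.
        return "closed_without_alert", type(e).__name__
    except ssl.SSLError as e:
        # The server (or a local policy check) ended the handshake with a TLS-level error.
        kind = "tls_alert" if "alert" in str(e).lower() else "tls_error"
        return kind, e.reason or str(e)
    finally:
        raw.close()

def start_stub_server(mode):
    """Constructed local stub: reads the ClientHello, then resets or sends an alert."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # consume the ClientHello
        if mode == "alert":
            conn.sendall(ALERT_HANDSHAKE_FAILURE)
        else:  # "reset": SO_LINGER with zero timeout makes close() send a TCP RST
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for mode in ("reset", "alert"):
        print(mode, classify_handshake("127.0.0.1", start_stub_server(mode)))
```

A `closed_without_alert` result is the situation where only server-side TLS debug logs can say which negotiation step failed.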
