Hi, my application has an NSAllowsArbitraryLoads flag in Info.plist which is set to YES. I want to enable ATS checks and therefore is trying to disable NSAllowsArbitraryLoads option. But I faced with problem.
I am completely delete NSAppTransportSecurity section from Info.plist and then run the application. When I use dev stand everything is okay and works good.
But since I've switched my application to production stand – any internet connection is failed with following error:
2022-03-30 03:23:17.511459+0300 *[10271:4471591] Connection 77: strict TLS Trust evaluation failed(-9802)
2022-03-30 03:23:17.511549+0300 *[10271:4471591] Connection 77: TLS Trust encountered error 3:-9802
2022-03-30 03:23:17.511629+0300 *[10271:4471591] Connection 77: encountered error(3:-9802)
2022-03-30 03:23:17.512571+0300 *[10271:4471591] Task <4F7E00BD-2CB7-4055-A8DF-69CD9F562800>.<54> HTTP load failed, 0/0 bytes (error code: -1200 [3:-9802])
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3,
...
// certificate chain
I've already red a lot of topics about TLS validation and checked some hypothesis. For example I've checked this:
openssl s_client -connect ***.***.com:443
And the returned info is said, that server meets ATS requirements
Server public key is 2048 bit
Protocol : TLSv1.2 (ok)
Cipher : ECDHE-RSA-CHACHA20-POLY1305 (ok)
Verify return code: 0 (ok)
Another interesting point, is that if i use a corporate VPN – everything works perfect even for production stand. But when corporate VPN is switched off – error comes back. The main difference, that i realized – changed certificates list for this cases.
Currently I have no idea what's going wrong, because it seems, that backend fully support ATS requirements. Any idea will be great!
