SSL error has occurred - no secure connection could be made

Hi

We have an app (iOS) that communicates with an Azure WebApp backend working on TLS 1.2.

Since mid May we receive complaints from our customer that the connection fails. This happens regularly and almost all of the time when using 3G/4G cellular data. I can simulate this issue (on 4G with good connection)

The customer can use the app but after some API requests we get an exception:

NSLocalizedDescription=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://sxxxx.azurewebsites.net./api/AppRequest., NSUnderlyingError=0x2831ff810 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9816, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: pdp_ip0, ipv4, ipv6, dns, expensive}}, _kCFStreamErrorCodeKey=-9816}

We connect directly to domain from azurewebsites.net (we don't use online custom domain).

Built with Xcode 13.3

We don't use client authentication.

Any ideas what is wrong?

Regards

Peter.

I can simulate this issue (on 4G with good connection) The customer can use the app but after some API requests we get an exception:

If the app can be used, but then after some time a TLS failure starts to occur, then this is typically an indication that your app is talking to a server it did not expect to downstream. The error for _kCFStreamErrorCodeKey=-9816 maps to a TLS server error where the server closed the connection without any other information as to why this happened.

Since you can reproduce this on your end then you have a number of ways to proceed to track this down:

  1. With a debug build of your app, try running this on Instruments with the Network trace template. This should at least tell you the downstream IP of the connection that failed.

  2. Take a packet trace and reproduce this issue. Like #1, this should also give you the IP of the downstream server that closed your connection. What this should also give you is where in the TLS handshake the failure took place. This gives you the information to talk to the server side team and inquire about the TLS failure.
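
Added example, not part of the original thread: it parses NSError descriptions like the one in the question, decodes the stream error code (-9816 is `errSSLClosedNoNotify` in Apple's SecureTransport.h) and counts failures per host and link type, which shows whether the failures cluster on cellular before a trace is taken. The sample reports, the host `app.example.invalid` and the interface-prefix mapping are assumptions of this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Subset of Secure Transport result codes from Apple's SecureTransport.h.
SSL_CODES = {
    -9800: "errSSLProtocol", -9801: "errSSLNegotiation", -9802: "errSSLFatalAlert",
    -9805: "errSSLClosedGraceful", -9806: "errSSLClosedAbort",
    -9816: "errSSLClosedNoNotify",
}
SSL_STREAM_DOMAIN = 3  # kCFStreamErrorDomainSSL
# Interface prefixes usually seen on iOS devices (assumption of this example).
IFACE_KINDS = {"pdp_ip": "cellular", "en": "wifi"}


def parse_report(text):
    """Pull the fields needed for triage out of one NSError description."""
    def grab(pattern):
        m = re.search(pattern, text)
        return m.group(1) if m else None

    code = grab(r"_kCFStreamErrorCodeKey=(-?\d+)")
    domain = grab(r"_kCFStreamErrorDomainKey=(-?\d+)")
    url = grab(r"NSErrorFailingURLKey=([^,\s]+)")
    iface = grab(r"interface: ([a-z_]+)\d+")
    if code is None:
        return None  # not a CFNetwork stream error report
    code = int(code)
    is_ssl = domain is not None and int(domain) == SSL_STREAM_DOMAIN
    return {
        "host": urlsplit(url).hostname if url else None,
        "code": code,
        "name": SSL_CODES.get(code, "unknown") if is_ssl else "not-ssl-domain",
        "link": IFACE_KINDS.get(iface, iface or "unknown"),
    }


def summarize(reports):
    """Count failures per (host, link type, error name)."""
    parsed = filter(None, map(parse_report, reports))
    return Counter((r["host"], r["link"], r["name"]) for r in parsed)


# Constructed sample reports in the shape of the one quoted in the question.
TEMPLATE = ("NSErrorFailingURLKey=https://app.example.invalid/api/AppRequest, "
            "_kCFStreamErrorDomainKey={d}, _kCFStreamErrorCodeKey={c}, "
            "_NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, "
            "interface: {i}, ipv4, dns")
SAMPLES = [TEMPLATE.format(d=3, c=-9816, i="pdp_ip0"),
           TEMPLATE.format(d=3, c=-9816, i="pdp_ip1"),
           TEMPLATE.format(d=3, c=-9806, i="en0"), "request timed out"]
```
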

Hi

Just found the issue. The Azure app was configured for HTTP1.1, we have changed to HTTP2 and the problem is fixed now.

Regards,
