How to track down cause of SSL Errors - NSURLErrorDomain Code=-1200

Question

danny_int OP

Created Aug ’23

Replies 3

Boosts 0

Views 1.5k

Participants 2

I've noticed that our apps get these errors with some regular occurrence:

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made.

I suspect the issue may be because of misconfigured VPNs. But is there any way to get more details about the cause of these SSL failures? If it's an issue with certificate validation or something, it would be great to get the certificate seen at the time of the error as sometimes a simple retry ends up working.

I'm not doing anything particularly special network-wise... using standard URLSession with the default configuration. I have tried implementing URLSessionDelegate.urlSession(:didBecomeInvalidWithError:) and URLSessionDelegate.urlSession(:didReceive:completionHandler:) to see if I could get more details, but nothing.

Boost

Answer 1

DTS Engineer OP

Apple

Aug ’23

If you connect to the site with Safari, does that work?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

danny_int OP

Sep ’23

These are REST endpoints requiring authorization headers, so it's hard to test in Safari. But my main question was whether there's something I can do programmatically in my apps to be able to capture more details when the app encounters SSL errors like this. I just found other posts that lead me to URLError, which I think has the details I'm looking for.

In my own testing, I've seen these errors:

_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9816, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9816, _NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: en0[802.11]}}, _kCFStreamErrorCodeKey=-9816

Not sure if this is the only error. But this suggests the server is closing the connection. So now I just have to find out if the server ever actually got the connection request...

0

Answer 3

DTS Engineer OP

Apple

Sep ’23

But my main question was whether there's something I can do programmatically in my apps to be able to capture more details when the app encounters SSL errors like this.

Capturing the full error is always useful. In most cases there will be an underlying -98xx error with more details. In the example you posted that’s -9816, or errSSLClosedNoNotify, indicating that the TCP connection closed without getting an appropriate TLS ‘close notify’ alert from the server. Sadly, that isn’t as helpful as it sounds because it’s common to see that error when your connection is blocked by policy.

Are you see this errors consistently? Or intermittently? iOS tends to be pretty consistent in this regard, so my experience is that intermittent errors are usually caused by problems on the server side. Gathering enough evidence is convince your server team to investigate that can be a challenge though (-:

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0