I have an enterprise app that I am working on that hits a web API.
I am getting a 9802 error when trying to hit the API.
I am able to hit the API properly when it is just my App and the Server... However, we have an F5 that load-balances our servers - and when we try to go through the F5, I get the 9802 errors.
I've tried the TLSTool, and everything passes just fine with or without the F5.
I have also used NSCurl with the "ats-diagnostics" flag on, and from my iMac, it works perfectly... Here is the output:
Starting ATS Diagnostics Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https:/ A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error. ================================================================================ Default ATS Secure Connection --- ATS Default Connection ATS Dictionary: { } Result : PASS --- ================================================================================ Allowing Arbitrary Loads --- Allow All Loads ATS Dictionary: { NSAllowsArbitraryLoads = true; } Result : PASS --- ================================================================================ Configuring TLS exceptions for apps-test.cticore.com --- TLSv1.2 ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; }; }; } Result : PASS --- --- TLSv1.1 ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; }; }; } Result : PASS --- --- TLSv1.0 ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions for apps-test.cticore.com --- Disabling Perfect Forward Secrecy ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions and allowing insecure HTTP for apps-test.cticore.com --- Disabling Perfect Forward Secrecy and Allowing Insecure HTTP ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled for apps-test.cticore.com --- TLSv1.2 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for apps-test.cticore.com --- TLSv1.2 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "apps-test.cticore.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================
When I try via my App, in iOS, I get the following in my logs:
Can't seem to list this data, every time I try to Post to the forum, it tells me "This message contains invalid characters"
In an earlier post, Eskimo had mentioned using the TLSTool code in an iOS app for testing. I tried that but found that the OSX and iOS Security frameworks are different and the code from TLSTool will not work on iOS.
I have to get this working in my app, and everything on the server side seems to be configured properly, and I can even verify that it all works with the TLSTool AND nscurl.
What is different in iOS that is causing this to fail? I am totally out of ideas and frustrated, so any/all help will be GREATLY appreciated.
Thanks!
Perlguy