Greetings,
I noticed that iOS 10 does not allow for a connection to a server which uses SHA-1 signature in the certificate chain. While this is understandable for internet facing websites, is there a way to turn it off temporarily for an internal website on the intranet? The same app build with Xcode beta 3 runs fine on iOS 9, so I assume there's nothing I can place in the ATS section. I already have an exception for the server where among other attributes, I have the NSExceptionRequiresForwardSecrecy set to NO. Is there some other attribute I can use to disable this? Turns out that the internal CA root certificate uses SHA-1, and it's going to take a while to have them generate a new one.
List of attributes for that server:
NSExceptionAllowsInsecureHTTPLoads YES
NSExceptionMinimumTLSVersion 1.0
NSExceptionRequiresForwardSecrecy NO
NSIncludesSubdomains YES
Error log:
[] nw_coretls_read_one_record tls_handshake_process: [-9801]
2016-07-20 0n:nn:nn.nnnnn <MyApp>[603:151956] -[delegate connection:didFailWithError:] [Line nnn] connection failed with error: Error Domain=kCFErrorDomainCFNetwork Code=310 "There was a problem communicating with the secure web proxy server (HTTPS)." UserInfo={NSErrorFailingURLStringKey=https://<intranet server>/<some rest root>/<rest call>, NSErrorFailingURLKey=https://<intranet server>/<some rest root>/<rest call>, _kCFStreamErrorCodeKey=-2096, _kCFStreamErrorDomainKey=4, NSLocalizedRecoverySuggestion=Please check your proxy settings. For help with this problem, contact your system administrator., NSLocalizedDescription=There was a problem communicating with the secure web proxy server (HTTPS).}
Thanks in advance,
Neal