1 Reply
      Latest reply: Sep 11, 2016 7:20 AM by eskimo RSS
      shri.derivco Level 1 Level 1 (0 points)

        Hi,

        We are getting above error when trying to connect to mobile.betway.com from UIWebview. This is reproducible 10% of the time on a stable wifi network and about 60% of the time when switching from wifi to 4G or other network. We have tried adding expection in plist but the result is the same. The website is however ATS complaint (https://www.ssllabs.com/ssltest/analyze.html?d=mobile.betway.com) and here is the ats-diagnosis:

         

        nscurl --ats-diagnostics http://mobile.betway.com

        Starting ATS Diagnostics

         

         

        Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://mobile.betway.com.

        A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.

        Use '--verbose' to view the ATS dictionaries used and to display the error received in URLSession:task:didCompleteWithError:.

        ================================================================================

         

         

        Default ATS Secure Connection

        ---

        ATS Default Connection

        Result : PASS

        ---

         

         

        ================================================================================

         

         

        Allowing Arbitrary Loads

         

         

        ---

        Allow All Loads

        Result : PASS

        ---

         

         

        ================================================================================

         

         

        Configuring TLS exceptions for mobile.betway.com

         

         

        ---

        TLSv1.2

        Result : PASS

        ---

         

         

        ---

        TLSv1.1

        Result : PASS

        ---

         

         

        ---

        TLSv1.0

        Result : PASS

        ---

         

         

        ================================================================================

         

         

        Configuring PFS exceptions for mobile.betway.com

         

         

        ---

        Disabling Perfect Forward Secrecy

        Result : PASS

        ---

         

         

        ================================================================================

         

         

        Configuring PFS exceptions and allowing insecure HTTP for mobile.betway.com

         

         

        ---

        Disabling Perfect Forward Secrecy and Allowing Insecure HTTP

        Result : PASS

        ---

         

         

        ================================================================================

         

         

        Configuring TLS exceptions with PFS disabled for mobile.betway.com

         

         

        ---

        TLSv1.2 with PFS disabled

        Result : PASS

        ---

         

         

        ---

        TLSv1.1 with PFS disabled

        Result : PASS

        ---

         

         

        ---

        TLSv1.0 with PFS disabled

        Result : PASS

        ---

         

         

        ================================================================================

         

         

        Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for mobile.betway.com

         

         

        ---

        TLSv1.2 with PFS disabled and insecure HTTP allowed

        Result : PASS

        ---

         

         

        ---

        TLSv1.1 with PFS disabled and insecure HTTP allowed

        Result : PASS

        ---

         

         

        ---

        TLSv1.0 with PFS disabled and insecure HTTP allowed

        Result : PASS

        ---

         

         

        ================================================================================

        • Re: CFNetwork SSLHandshake failed (-9806)
          eskimo Apple Staff Apple Staff (6,665 points)

          Error -9806 is errSSLClosedAbort, a very generic TLS error that indicates that the TLS connection closed due to a networking error.  Given that things work most of the time, this clearly isn’t an ATS restriction (ATS’s enhanced security requirements apply to every connection).  In my experience intermittent issues like this are usually caused by server-side problems, and a common subcategory of that is issues with your load balancer or redirector.  The next step is to debug this at the packet trace level, preferably with input from whoever runs your server.

          You can get a packet trace from the iOS device’s perspective — an RVI packet trace — using the instructions in QA1176 Getting a Packet Trace.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"