directions search in iOS 9 fails with SSL error

When making a call to get directions, e.g. MKDirections calculateDirectionsWithCompletionHandler:(MKDirectionsHandler)completionHandler

...in iOS9 simulator, every call fails with an SSL error. Here's the error trace:


2015-06-13 13:33:35.302 DriveTime[2007:362234] CFNetwork SSLHandshake failed (-9824)

2015-06-13 13:33:35.304 DriveTime[2007:362234] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

2015-06-13 13:33:35.305 DriveTime[2007:361377] PBRequester failed with Error Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x7fb1bb2085f0 {_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fb1b23b6f90 "An SSL error has occurred and a secure connection to the server cannot be made.", NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://gsp-ssl.ls.apple.com/directions.arpc, NSErrorFailingURLStringKey=https://gsp-ssl.ls.apple.com/directions.arpc, _kCFStreamErrorDomainKey=3}

To me it looks like maybe XCode 7 beta isn't using the built in trust store...because visiting https://gsp-ssl.ls.apple.com/directions.arpc in Safari on the same Mac running XCode does not give an SSL error. It could be a host name verification thing perhaps.


Any ideas?

Replies

gsp-ssl.ls.apple.com does not support TLSv1.2, so you will have to force an Application Transport Security exemption. You should probably file a radar on this server to Apple.

Thanks for your reply, but if that's the issue (and it sounds like you have some experience to support your reasoning), why does it work ok in iOS8? Did older versions of iOS use an older version of TLS when making calls over SSL?

Exactly. iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:

<key>NSAppTransportSecurity</key>
  <dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
  </dict>

Thereby you're disabling the App Transport Security. Hope that's helpful.


All the best,


Alex

Alex,


I configured my info.plist with this information and yet still a problem.


I need to configure anything else?


Can you help me.


tks,

Leandro

Hi Leandro,


do you still get the same errors? How did you add the workaround to your Info.plist? Did you add it using Xcode's plist editor or did you open the plist file with a standard text editor and add the code snippet via copy and paste? If so, you have to make sure that it is placed correctly ...


All the best,


Alex

I am having the same issue. Have you gotten a solution?

Hey dhash,


usually this should solve your problem: http://alexpoets.com/documents/NSAppTransportSecurity.png. If it doesn't help, tell me which errors you get. 🙂


All the best,


Alex

I am also struggling with this exact same issue.


I have the http://alexpoets.com/documents/NSAppTransportSecurity.png. Still I get the following errors on iOS9:


Important: the connection: willSendRequestForAuthenticationChallenge: is not called on iOS9 but it was on iOS8.

LOG:

CFNetwork SSLHandshake failed (-9806)

2015-09-10 18:16:24.276 _[31113:1415776] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)


connection: didFailWithError:

Printing description of connection:

<NSURLConnection: 0x7fc568eb3d90> { request: <NSMutableURLRequest: 0x7fc568e4ad40> { URL: https://_IP_:_PORT_/_PATH_ } }

Printing description of error:

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9806, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fc56b100930 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://_IP_:_PORT_/_PATH_, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9806, _kCFStreamPropertySSLClientCertificateState=0, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://_IP_:_PORT_/_PATH_, _kCFStreamErrorCodeKey=-9806}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://_IP_:_PORT_/_PATH_, NSErrorFailingURLStringKey=https://_IP_:_PORT_/_PATH_, _kCFStreamErrorDomainKey=3}


Thank you!

Thanks bro, this seriously helped me. 🙂


  1. <key>NSAppTransportSecurity</key>
  2. <dict>
  3. <key>NSAllowsArbitraryLoads</key>
  4. <true/>
  5. </dict>