4 Replies
      Latest reply on Sep 29, 2015 2:40 AM by pavelsukalin
      Level 1 Level 1 (0 points)

        every connection seems to fail (AFNetworking):

         

        CFNetwork SSLHandshake failed (-9847)

        NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9847)

         

        and the http://....  has been replaced with  https://....

         

        Jeeinc

        • Re: CFNetwork IOS9 SSLHandshake -9847
          Poets Level 1 Level 1 (0 points)

          Hi jeeinc,

           

          today I read that iOS 9 is forcing connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. So you have to ensure that your web server supports this version of the protocol. Otherwise you have to disable the App Transport Security in your app by adding this code snippet to your Info.plist:

          <key>NSAppTransportSecurity</key>
            <dict>
            <key>NSAllowsArbitraryLoads</key>
            <true/>
            </dict>
          

           

          All the best,

           

          Alex

            • Re: CFNetwork IOS9 SSLHandshake -9847
              Universalis Level 1 Level 1 (10 points)

              It is worth adding that a similar problem (but with the code 9802) occurs when connecting to Amazon's AWS servers.

               

              Amazon claim to support TLS 1.2, but I seem to remember from one of the WWDC talks that Apple want apps to connect to sites that support TLS 1.2 only, and not to sites that support both TLS 1.2 and earlier versions.

               

              If this is true, it is a misguided policy by Apple and I have reported it as bug #21380214. Yes, connecting to TLS 1.2-only sites protects against man-in-the-middle downgrade attacks; but no site in the real world is likely to go TLS 1.2-only. The net result is that we, as developers, find ourselves using Alex's workround everywhere, disabling the protection that Apple were trying to give us.

               

              I suggest careful monitoring of the situation and the issuing of bug reports as appropriate.

              • Re: CFNetwork IOS9 SSLHandshake -9847
                pavelsukalin Level 1 Level 1 (0 points)

                It does not work for me...