2 Replies
      Latest reply on Aug 19, 2016 10:08 AM by invincible
      neal1 Level 1 (10 points)

        Greetings,

        I noticed that iOS 10 does not allow a connection to a server which uses a SHA-1 signature in the certificate chain. While this is understandable for internet-facing websites, is there a way to turn it off temporarily for an internal website on the intranet? The same app built with Xcode beta 3 runs fine on iOS 9, so I assume there's nothing I can place in the ATS section. I already have an exception for the server where, among other attributes, I have NSExceptionRequiresForwardSecrecy set to NO. Is there some other attribute I can use to disable this? Turns out that the internal CA root certificate uses SHA-1, and it's going to take a while to have them generate a new one.

        List of attributes for that server:

        NSExceptionAllowsInsecureHTTPLoads YES

        NSExceptionMinimumTLSVersion 1.0

        NSExceptionRequiresForwardSecrecy NO

        NSIncludesSubdomains YES

        Error log:

        [] nw_coretls_read_one_record tls_handshake_process: [-9801]

        2016-07-20 0n:nn:nn.nnnnn <MyApp>[603:151956] -[delegate connection:didFailWithError:] [Line nnn] connection failed with error: Error Domain=kCFErrorDomainCFNetwork Code=310 "There was a problem communicating with the secure web proxy server (HTTPS)." UserInfo={NSErrorFailingURLStringKey=https://<intranet server>/<some rest root>/<rest call>, NSErrorFailingURLKey=https://<intranet server>/<some rest root>/<rest call>, _kCFStreamErrorCodeKey=-2096, _kCFStreamErrorDomainKey=4, NSLocalizedRecoverySuggestion=Please check your proxy settings. For help with this problem, contact your system administrator., NSLocalizedDescription=There was a problem communicating with the secure web proxy server (HTTPS).}

        Thanks in advance,

        Neal