Ios 9.0.1: $http requests to server that supports TLS v1.2 with valid certificate result in CFNetwork SSLHandshake failed


#1

Kind soul

After upgrade to latest XCode 7.0, cordova 5.3.3, ionic 1.1.0, and angular 1.4.6 the application is unable to communicate with the server that has valid SSL certificate and supports TLS v1.2 (verified with curl) on iOS 9.0.1.

I hate to disable security when I do not need to as described in another post iOS 9 Content Loading Problem.

The code is as follows

$http({method: 'POST',
            url: url,
            data: data,
            headers: headers,
            timeout: httpTimeoutMs}).success(successCallback).error(errorCallback);

The error reported is below

2015-09-29 17:26:17.709 MyApp[398:71156] CFNetwork SSLHandshake failed (-9824)
2015-09-29 17:26:17.713 MyApp[398:71177] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)

Thank you and will be grateful for eternity for any option that keeps security intact,
Irena


#2

Does your server support Forward Secrecy? Run a test against your server at https://www.ssllabs.com/ssltest/ to get an overview.
It is possible to change individual settings and not disable ATS completely.
Diagnostic tool is mentioned here: https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/


CFNetwork SSLHandshake failed (-9824)
#3

Thanks a lot! Apparently enabling Forward Secrecy was not enough as our load balancer does not support the cyphers that Apple is required. Ended up overriding Forward Secrecy for the company domain (with full understanding thanks to the link).