Hi all,
I have created an App using Cordova / AngularJS and then created an iOS version using XCode.
All was fine and I was on the point of beginning beta testing with a preselected group of volunteers,
but then Apple released iOS9 and now my App refuses to connect to my server to load any data.
I have researched as much as I can and read up on Forward Secrecy and App Transport Security.
The team who manage our servers have enabled forward secrecy and so on our app server but my app still does not work.
Recently I managed to upgrade my Macbook to El Capitain and ran the new nscurl tool.
/usr/bin/nscurl --ats-diagnostics https://mobileapp.tuskerdirect.com
Hereβs the output of that test.
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https:/
A test will βPASSβ if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================
Default ATS Secure Connection
ATS Default Connection
ATS Dictionary:
{
}
2015-11-09 09:57:03.925 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:03.926 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6daf04110 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
================================================================================
Allowing Arbitrary Loads
Allow All Loads
ATS Dictionary:
{
NSAllowsArbitraryLoads = true;
}
2015-11-09 09:57:03.988 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.058 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.113 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.114 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dae057a0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
================================================================================
Configuring TLS exceptions for mobileapp.tuskerdirect.com
TLSv1.2
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.2";
};
};
}
2015-11-09 09:57:04.175 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.176 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac34880 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
TLSv1.1
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
};
};
}
2015-11-09 09:57:04.237 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.238 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dae0a2e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
TLSv1.0
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.0";
};
};
}
2015-11-09 09:57:04.289 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.289 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac2d7a0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
================================================================================
Configuring PFS exceptions for mobileapp.tuskerdirect.com
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.347 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.348 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac38280 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/
================================================================================
Configuring PFS exceptions and allowing insecure HTTP for mobileapp.tuskerdirect.com
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.420 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.475 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.547 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.547 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dad528f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
================================================================================
Configuring TLS exceptions with PFS disabled for mobileapp.tuskerdirect.com
TLSv1.2 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.2";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.607 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.608 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac31650 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
TLSv1.1 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.656 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.657 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac3c5d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
TLSv1.0 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionMinimumTLSVersion = "TLSv1.0";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.716 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.717 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dae0d790 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
================================================================================
Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for mobileapp.tuskerdirect.com
TLSv1.2 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.2";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.772 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.836 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.885 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.886 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac2b260 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
TLSv1.1 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.1";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:04.936 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:04.989 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:05.037 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:05.037 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac3f4e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"mobileapp.tuskerdirect.com" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.0";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2015-11-09 09:57:05.097 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:05.145 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:05.199 nscurl[819:27003] CFNetwork SSLHandshake failed (-9824)
2015-11-09 09:57:05.200 nscurl[819:27003] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 βAn SSL error has occurred and a secure connection to the server cannot be made.β UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fd6dac43d10 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 β(null)β UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https:/ NSErrorFailingURLStringKey=https:/ _kCFStreamErrorDomainKey=3}
================================================================================
My question is simple does anyone have any suggestions why my app (using latest iOS9 on an iPhone 6)
will not connect to my app server using JSONP which it had no issues with when it was iOS8.
Any help will be gratefully recieved
many thanks