本文介绍了iOS 9.3:发生SSL错误,无法与服务器建立安全连接的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我收到自签名证书后出现错误

I am getting following error with self signed certificate

在测试我的一个演示应用程序的Web服务时

while testing web-services for one of my demo app with


  • iOS 9.3

  • XCode 7.3

  • Swift 2.2

  • Alamofire 3.3.0

  • 和本地服务器:

  • iOS 9.3
  • XCode 7.3
  • Swift 2.2
  • Alamofire 3.3.0
  • and Local server : https://filename.hostname.net

注意: 在假设之前重复,我会请求请一直阅读,即使我已向苹果开发论坛报告

使用 Alamofire Library

func testAlamofireGETRequest() -> Void
    {
        Alamofire.request(.GET, "https://filename.hostname.net/HelloWeb/service/greeting/john")
            .responseJSON
        { response in
            print("Response JSON: \(response.result.value)")
        }
}






使用 NSURLSession

func testNSURLSessionRequest() -> Void {

        let session = NSURLSession.sharedSession()
        let urlString = "https://filename.hostname.net/HelloWeb/service/greeting/john"
        let url = NSURL(string: urlString)
        let request = NSURLRequest(URL: url!)
        let dataTask = session.dataTaskWithRequest(request) { (data:NSData?, response:NSURLResponse?, error:NSError?) -> Void in
            print("done, error: \(error)")

            //Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made.
        }
        dataTask.resume()
    }







有很多问题已发布,但没有任何对我有用

there are bunch of questions already posted but nothing worked for me











    • Transport Security has Blocked a cleartext HTTP
    • iOS9 getting error "an ssl error has occurred and a secure connection to the server cannot be made"
    • How do I load an HTTP URL with App Transport Security enabled in iOS 9? [duplicate]
    • CFNetwork SSLHandshake failed iOS 9
    • How to handle "CFNetwork SSLHandshake failed" in iOS
    • Making HTTPS request in iOS 9 with self-signed certificate
    • ios9 self signed certificate and app transport security
    • 发布了Alamofire git问题

      posted Alamofire git issue




      • 将我的服务器作为HTTPS连接

      • 'CFNetwork SSLHandshake failed (-9847)' error when performing a non-SSL request #538
      • Self-Signed Certificate not accepted #876
      • how can I connecting my server as HTTPS with using self-signed Certificate file #977

      我的 Info.pist 文件以这种方式更新为ATS设置

      My Info.pist file is updated for ATS settings this way

      <key>NSAppTransportSecurity</key>
          <dict>
              <key>NSExceptionDomains</key>
              <dict>
                  <key>filename.hostname.net</key>
                  <dict>
                      <key>NSExceptionRequiresForwardSecrecy</key>
                      <false/>
                      <key>NSExceptionAllowsInsecureHTTPLoads</key>
                      <true/>
                      <key>NSIncludesSubdomains</key>
                      <true/>
                      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                      <true/>
                  </dict>
              </dict>
          </dict>
      






      同时我能得到回应


      Meanwhile I am able to get response for

      http ://filename.hostname.net

      http://filename.hostname.net

      https ://google.com

      and https://google.com

      不适用于 https :// filename.hostname.net

      but not for https://filename.hostname.net

      任何人都可以建议我为什么在经过巨大努力后无法让这项工作成功?

      Can anyone please suggest me why I am not able to get this working after huge efforts?

      推荐答案

      我认为您尝试连接的服务器具有无效证书或与ECC,密码等的iOS 9标准不匹配。

      I presume the server you are trying to connect has invalid certificates or doesn't match up with the iOS 9 standards for ECC, Ciphers etc.


      • 如果您使用的是高级网络API-NSURLSession,NSURLConnection或其他任何分层 - 您无法直接控制所提供的密码套件由客户。这些API使用自己的内部逻辑选择一组cypher套件。

      • If you’re using high-level networking APIs—NSURLSession, NSURLConnection, or anything layered on top of those—you don’t have direct control over the cypher suites offered by the client. Those APIs choose a set of cypher suites using their own internal logic.

      如果您正在使用较低级别的网络API-CFSocketStream,通过其NSStream和CFStream API以及任何低于此值的内容 - 您可以明确选择该集合您想要使用的密码套件。如何执行此操作取决于具体的API。

      If you’re using lower-level networking APIs—CFSocketStream, via its NSStream and CFStream APIs, and anything lower than that—you can explicitly choose the set of cypher suites you want to use. How you do this depends on the specific API.

      标准做法是:


      1. 创建流对

      1. create the stream pair

      为TLS配置

      使用kCFStreamPropertySSLContext属性获取安全传输上下文

      get the Secure Transport context using the kCFStreamPropertySSLContext property

      在该上下文中配置特定属性

      configure specific properties in that context

      打开流

      你可以看到一个这样的例子TLSTool示例代码。具体来说,请查看类,您可以在其中查看此序列。

      You can see an example of this in the TLSTool sample code. Specifically, look at the TLSToolServer class, where you can see exactly this sequence.

      在非常短的上下文中,您希望以这种方式配置流然而,在Alamofire的情况下,你可以通过以下方式直接执行此操作:

      In a very short context, you want to configure the stream in such a way that it bypasses the security, however, in the case of Alamofire you can do this directly by:

      func bypassAuthentication() {
              let manager = Alamofire.Manager.sharedInstance
              manager.delegate.sessionDidReceiveChallenge = { session, challenge in
                  var disposition: NSURLSessionAuthChallengeDisposition = .PerformDefaultHandling
                  var credential: NSURLCredential?
                  if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
                      disposition = NSURLSessionAuthChallengeDisposition.UseCredential
                      credential = NSURLCredential(forTrust: challenge.protectionSpace.serverTrust!)
                  } else {
                      if challenge.previousFailureCount > 0 {
                          disposition = .CancelAuthenticationChallenge
                      } else {
                          credential = manager.session.configuration.URLCredentialStorage?.defaultCredentialForProtectionSpace(challenge.protectionSpace)
                          if credential != nil {
                              disposition = .UseCredential
                          }
                      }
                  }
                  return (disposition, credential)
              }
          }
      

      如果有帮助请告诉我。
      谢谢!

      let me know if that helps. Thank you!

      这篇关于iOS 9.3:发生SSL错误,无法与服务器建立安全连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-28 03:55