CFNetwork SSLHandshake failed (-9806) & (-9800) & (-9830)

2
votes

I am fetching data using AFNetworking(2.5). in that i also set the "setAllowInvalidCertificates:YES" but still i am getting the error

CFNetwork SSLHandshake failed (-9806)

CFNetwork SSLHandshake failed (-9800)

CFNetwork SSLHandshake failed (-9830)

NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9830)

WebClientERROR: An SSL error has occurred and a secure connection to the server cannot be made.

see, i am using this code

AFSecurityPolicy *policy = [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeNone];
    [policy setAllowInvalidCertificates:YES];
[op setCompletionBlockWithSuccess:^(AFHTTPRequestOperation *operation, id responseObject) {
    NSLog(@"JSON: %@", responseObject);
    if (completion) {
        completion([[UMWebResponse alloc] initWithJSON:responseObject]);
    }

} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
    if (completion) {
        if (operation.responseObject) {
            if (error.code == 401) {
                [APPDELEGATE showLoginViewController];
            }
            completion([[UMWebResponse alloc] initWithJSON:operation.responseObject]);
        } else {
            if (error.code == 401) {
                [APPDELEGATE showLoginViewController];
            }
            completion([[UMWebResponse alloc] initWithError:error]);
        }
    }
}];
[[NSOperationQueue mainQueue] addOperation:op];

return op;
1
iosobjective-csslafnetworking-2

1 Answers

1
votes

You should edit your server to support TLSv1.2 and secure your http requests as iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts.

But in the meantime, you can add exception in your .plist file as so :

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow insecure HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

If you want to handle every single request, just add this entry in the .plist:

<key>NSAppTransportSecurity</key>
<dict>
    <!--Connect to anything (this is probably BAD)-->
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

source