HTTPS request in iOS 9 : NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

15
votes

I'm updating my app to accommodate Apple's new ATS. Without any changes to the Plist-Info,the following code throws an error at sendSynchronousRequest() in a vanilla `iOS 9 simulator.

NSURL *url  =[NSURL URLWithString:@"https://Google.com"];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
[request setHTTPMethod:@"GET"];
[request setURL:url];

NSURLResponse *urlResponse = nil;
NSError *error = nil;    
NSData *reponse = [NSURLConnection sendSynchronousRequest:request
                                        returningResponse:&urlResponse
                                                    error:&error];

Error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Any thoughts as to what might be behind this issue?

Ps: I understand that NSURLConnection is deprecated. But this invocations works find if I add AllowArbitraryLoads in Plist.

6
iosios9
Look in the Apple Forums, in Networking. I posted on this and got a good answer, as have others.David H
Couldn't find it. Can you please share the link?Vignesh Murugesan
This is the link: forums.developer.apple.com/thread/6452David H
Thanks for this link! Only "big hammer" approach mentioned in the forums worked for me :-) Maybe that's because I am using IP address instead of domain name for connecting.Alexey

6 Answers

14
votes

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) corresponds to the server not supporting "Forward Secrecy".

To work around this, add a domain exception to .plist file as follows:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>test.testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>
9
votes

Add a new row in your plist file.

Add a new row in your plist file

6
votes

I added this code in the info.plist to allow any request http:

 <key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

This article lists all the changes made by Apple for iOS 9 and their implementations:

http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

1
votes

Add the following to the info.plist file. And replace 'My_Base_Url.com' with your web service link's base url. This should do the trick.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>My_Base_Url.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
    </dict>
</dict>
1
votes

If your app includes H5 page, sometimes it also will have this error.
It doesn't only require to turn on Allow Arbitrary Loads to fix it, but also require to add code below in your appDelegate.m:


@implementation NSURLRequest(ATS)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end
0
votes

According to this: https://forums.developer.apple.com/message/36842#36842

The correct exception to fix HTTP load failed (kCFStreamErrorDomainSSL, -9802) is:

NSExceptionAllowsInsecureHTTPLoads