NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) for https/ssl enabled web service

0
votes

Getting NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) while consuming web service even though the the web service is secured with ssl. why is that so? webservice url: https://domain.com/services/webservice.asmx?wsdl"

disable TLS1.0 and TLS1.1 and enable onlu TLS1.2 still getting the error

please see the rrror description

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x7fa511eab900>, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9802, NSErrorPeerCertificateChainKey=<CFArray 0x7fa511eb5360 [0x1062e17b0]>{type = immutable, count = 2, values = ( 0 : <cert(0x7fa514110830) s: xxxxxxx.com i: Entrust Certification Authority - L1C> 1 : <cert(0x7fa514110a80) s: Entrust Certification Authority - L1C i: Entrust.net Certification Authority (2048)> )}, NSUnderlyingError=0x7fa511f28400 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://xxxxxxx.com/services/pryxismobilecalendarwebservice.asmx?wsdlLoginJson, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9802, kCFStreamPropertySSLPeerCertificates=<CFArray 0x7fa511eb5360 [0x1062e17b0]>{type = immutable, count = 2, values = ( 0 : <cert(0x7fa514110830) s: myeyonline-uat.ey.com i: Entrust Certification Authority - L1C> 1 : <cert(0x7fa514110a80) s: Entrust Certification Authority - L1C i: Entrust.net Certification Authority (2048)> )}, _kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x7fa511eab900>, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://xxxxxxx.com/services/pryxismobilecalendarwebservice.asmx?wsdlLoginJson, _kCFStreamErrorCodeKey=-9802}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://xxxxxxxcom/services/pryxismobilecalendarwebservice.asmx?wsdlLoginJson, NSErrorFailingURLStringKey=https://xxxxxxx.com/services/pryxismobilecalendarwebservice.asmx?wsdlLoginJson, NSErrorClientCertificateStateKey=0}

2
sslios9tls1.2
Useful linkmbasheerk

2 Answers

0
votes

I figure out the issue, the algorithm used is SHA1 with RSA but iOS9 need SHA2

0
votes

I fixed this by establishing this exception for the auto-signed certified for the domain:

<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>xxxxxxx.com</key>
        <dict>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <true/>
        </dict>
    </dict>
</dict>