NSURLSession/NSURLConnection HTTP load failed on iOS 9
Asked Answered
I

13

137

Tried to run my existing app on iOS9 but getting failure while using AFURLSessionManager.

__block NSURLSessionDataTask *task = [self.sessionManager dataTaskWithRequest:request completionHandler:^(NSURLResponse * __unused response, id responseObject, NSError *error) {
    if (error) {

    } else {

    }
}];

[task resume];

I get the following error:

Error Domain=NSURLErrorDomain Code=-999 "cancelled.

Also getting following logs:

 NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824
 CFNetwork SSLHandshake failed (-9824)

Update: I have added multiple updates to my solution: NSURLSession/NSURLConnection HTTP load failed on iOS 9

Infrangible answered 9/6, 2015 at 17:58 Comment(5)
You're certain the error is happening on the first line?Purpleness
I had the same issue. This seemed to cover the issue: #30721313Plasmasol
I am facing issue with metor Error Domain=NSURLErrorDomain Code=-1004Erysipelas
finished with error [-1004] Error Domain=NSURLErrorDomain Code=-1004 "Could not connect to the server." UserInfo={_kCFStreamErrorCodeKey=61, NSUnderlyingError=0x281202f40 {Error Domain=kCFErrorDomainCFNetwork Code=-1004 "(null)" UserInfo={_NSURLErrorNWPathKey=satisfied (Path is satisfied), interface: lo0, _kCFStreamErrorCodeKey=61, _kCFStreamErrorDomainKey=1}}, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <9DE5A4F0-353C-469A-9390-F279E93EFDF0>.<1>,Erysipelas
_NSURLErrorRelatedURLSessionTaskErrorKey=( "LocalDataTask <9DE5A4F0-353C-469A-9390-F279E93EFDF0>.<1>" ), NSLocalizedDescription=Could not connect to the server., NSErrorFailingURLStringKey=localhost:8081/status, NSErrorFailingURLKey=localhost:8081/status, _kCFStreamErrorDomainKey=1}Erysipelas
I
240

Found solution:

In iOS9, ATS enforces best practices during network calls, including the use of HTTPS.

From Apple documentation:

ATS prevents accidental disclosure, provides secure default behavior, and is easy to adopt. You should adopt ATS as soon as possible, regardless of whether you’re creating a new app or updating an existing one. If you’re developing a new app, you should use HTTPS exclusively. If you have an existing app, you should use HTTPS as much as you can right now, and create a plan for migrating the rest of your app as soon as possible.

In beta 1, currently there is no way to define this in info.plist. Solution is to add it manually:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

enter image description here

Update1: This is a temporary workaround until you're ready to adopt iOS9 ATS support.

Update2: For more details please refer following link: http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

Update3: If you are trying to connect to a host (YOURHOST.COM) that only has TLS 1.0

Add these to your app's Info.plist

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>YOURHOST.COM</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>1.0</string>
            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>
Infrangible answered 10/6, 2015 at 5:56 Comment(11)
Be aware that you just got rid of Application Transport Security completely, so one major iOS 9 feature is just gone from your app. This is a hack, and I wouldn't be surprised if that hack would get your ap rejected. Adding particular websites to this dictionaries will more likely be allowed.Gathard
@StevenPeterson You'll only be able to get an entire app excluded on a case-by-case basis by Apple. I assume if Apple blesses your app with this ability, they will instruct you to include this key. Expect Apple to do this rarely.Mercola
Please, please, please, please, please - don't just add the exception to your plist and move on "just because it works". Consider the security of your user's data and implement SSL and other security best practices.Olatha
@gnasher729, I understand its better to support TLS 1.2, instead of just disabling ATS. However, what can you do if you rely on a 3rd party API/web service. I can't force them to upgrade, so what can I do??Saccharase
confirming that this also worked for me when using the LayerKit SDKPontianak
@user1139893: this is what I am trying to do with MAMP. Up to now I haven't succeeded. Can you explain me how to do it?Seaden
@Mercola I got my app accepted without problems with this method (allowing every connection)Korwun
@Signo Don't be surprised when you can no longer turn it off entirely.Mercola
@Mercola It's not something that depends on me, the frameworks I use has the problem so until I can update them the problem will persist. and for now this is the only fix that worksKorwun
@Tariq, why is it working good with NSURLSession & not with AFNetworking?Behring
There is a subtle bug in this answer: NSTemporaryExceptionMinimumTLSVersion must be e.g. TLSv1.0 instead of 1.0, see NSAppTransportSecurity Exception domains dictionary keysRobins
S
54

How to deal with the SSL in iOS9,One solution is to do like:

As the Apple say : enter image description here enter image description here

enter image description here

iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app's Info.plist file.

The syntax for the Info.plist configuration looks like this:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow insecure HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it like this:

<key>NSAppTransportSecurity</key>
<dict>
    <!--Connect to anything (this is probably BAD)-->
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

If you're having to do this, it's probably best to update your servers to use TLSv1.2 and SSL, if they're not already doing so. This should be considered a temporary workaround.

As of today, the prerelease documentation makes no mention of any of these configuration options in any specific way. Once it does, I'll update the answer to link to the relevant documentation.

For more info ,go to iOS9AdaptationTips

Spooky answered 15/6, 2015 at 2:45 Comment(3)
SSL and TLS are different encryption layers used by the HTTPS protocols. Thus, one should disable SSL altogether and use TLS v1.2 or later. For more information, i would recommend starting with the following resource: SSL/ TLS Security 2015 - A Simplified Quick GuideRaguelragweed
I have only add any luck with the bottom example where you set NSAllowsArbitraryLoads to true. My server is using TLS v1.2 exclusively and I still have to do this to get it to work. Very frustrating.Lamontlamontagne
So is there any workaround I could use to know for sure my new app will get approved in the App Store, such as a proxy service?Chromatography
K
41

Apple's Technote on App Transport Security is very handy; it helped us find a more secure solution to our issue.

Hopefully this will help someone else. We were having issues connecting to Amazon S3 URLs that appeared to be perfectly valid, TLSv12 HTTPS URLs. Turns out we had to disable NSExceptionRequiresForwardSecrecy to enable another handful of ciphers that S3 uses.

In our Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>amazonaws.com</key>
    <dict>
      <key>NSIncludesSubdomains</key>
      <true/>
      <key>NSExceptionRequiresForwardSecrecy</key>
      <false/>
    </dict>
  </dict>
</dict>
Kaufmann answered 10/9, 2015 at 16:15 Comment(3)
This was my exact problem, and it fixed it instantly! Thank! :)Applicative
This solves the problem I had too; different cases may required different settings though. The good news is that he technote also contains info on how to use nsurl to help you find the correct settings in general.Harshman
I needed to do the same for cloudfront.net if I used a CDN in front of Amazon S3.Lavern
T
7

If you're having this problem with Amazon S3 as me, try to paste this on your info.plist as a direct child of your top level tag

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>amazonaws.com</key>
        <dict>
              <key>NSThirdPartyExceptionMinimumTLSVersion</key>
              <string>TLSv1.0</string>
              <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
              <false/>
              <key>NSIncludesSubdomains</key>
              <true/>
        </dict>
        <key>amazonaws.com.cn</key>
        <dict>
              <key>NSThirdPartyExceptionMinimumTLSVersion</key>
              <string>TLSv1.0</string>
              <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
              <false/>
              <key>NSIncludesSubdomains</key>
              <true/>
        </dict>
    </dict>
</dict>

You can find more info at:

http://docs.aws.amazon.com/mobile/sdkforios/developerguide/ats.html#resolving-the-issue

Teresaterese answered 15/10, 2015 at 22:52 Comment(1)
God bless you broPolack
A
5

I found solution from here. And its working for me.

Check this, it may help you.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
         <dict>
             <key>myDomain.com</key>
                    <dict>
                      <!--Include to allow subdomains-->
                      <key>NSIncludesSubdomains</key>
                      <true/>
                      <!--Include to allow HTTP requests-->
                      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
                      <true/>
                      <!--Include to specify minimum TLS version-->
                      <key>NSTemporaryExceptionMinimumTLSVersion</key>
                      <string>TLSv1.1</string>
                </dict>
          </dict>
</dict>
Ashjian answered 12/6, 2015 at 10:21 Comment(0)
D
4

Simply add the following fields in your .plist file

enter image description here

Syntax looks like this:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
Doreathadoreen answered 10/12, 2015 at 10:46 Comment(1)
This will allow all http requests. Works, but not recommended.Rousseau
S
2

Update:

As of Xcode 7.1, you don't need to manually enter the NSAppTransportSecurity Dictionary in the info.plist.

It will now autocomplete for you, realize it's a dictionary, and then autocomplete the Allows Arbitrary Loads as well. info.plist screenshot

Steels answered 22/10, 2015 at 16:1 Comment(1)
This will allow all http requests. Works, but not recommended.Rousseau
P
2

Solve NSURLConnection Http load failed bug Just Add following Dict in info.plist:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSAllowsArbitraryLoadsInWebContent</key>
        <true/>
    </dict>
Portative answered 4/5, 2017 at 15:15 Comment(0)
A
1

I have solved it with adding some key in info.plist. The steps I followed are:

I Opened my project's info.plist file

Added a Key called NSAppTransportSecurity as a Dictionary.

Added a Subkey called NSAllowsArbitraryLoads as Boolean and set its value to YES as like following image. enter image description here

Clean the Project and Now Everything is Running fine as like before.

Ref Link: https://stackoverflow.com/a/32609970

Adenoidal answered 18/9, 2015 at 12:51 Comment(0)
R
1

This is what worked for me when I had this error:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
        </dict>
    </dict>
</dict>
Rousseau answered 11/3, 2016 at 20:30 Comment(0)
Q
1

You can try add this function in file RCTHTTPRequestHandler.m

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition disposition, NSURLCredential *credential))completionHandler { completionHandler(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]); }

Quadrifid answered 25/4, 2017 at 15:2 Comment(0)
C
1

In addition to the above mentioned answers ,recheck your url

Castellatus answered 4/1, 2018 at 7:47 Comment(1)
In my case I was trying to load .html file.Castellatus
C
0

You should add App Transport Security Settings to info.plist and add Allow Arbitrary Loads to App Transport Security Settings

enter image description here

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
    </dict>
Columnist answered 20/9, 2019 at 12:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.