iOS 9 app download from Amazon S3 SSL error: TLS 1.2 support

Question

I get

An SSL error has occurred and a secure connection to the server cannot be made.

on iOS 9 if I try to download a file fr

Answer 1

Just posting to point out that the issue with amazon's certificates are they use SHA-1 and the app transport security requires SHA-2/256.

The fact that NSExceptionRequiresForwardSecrecy works is a bug documented here at apple dev forums. According to the documentation and an Apple engineer in the linked thread a "better" solution would be

NSAppTransportSecurity

    NSExceptionDomains
    
        s3.amazonaws.com
        
            NSIncludesSubdomains
            
            NSExceptionAllowsInsecureHTTPLoads
            
         
     

I use the term "better" very loosely and only mean a solution that does not exercise a bug that Apple will eventually fix. Now this is a fix for the certificate issue only :)