HTTPS request in iOS 9 : NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

问题

I'm updating my app to accommodate Apple's new ATS. Without any changes to the Plist-Info,the following code throws an error at sendSynchronousRequest() in a vanilla `iOS 9 simulator.

NSURL *url  =[NSURL URLWithString:@"https://Google.com"];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
[request setHTTPMethod:@"GET"];
[request setURL:url];

NSURLResponse *urlResponse = nil;
NSError *error = nil;    
NSData *reponse = [NSURLConnection sendSynchronousRequest:request
                                        returningResponse:&urlResponse
                                                    error:&error];

Error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Any thoughts as to what might be behind this issue?

Ps: I understand that NSURLConnection is deprecated. But this invocations works find if I add AllowArbitraryLoads in Plist.

回答1:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) corresponds to the server not supporting "Forward Secrecy".

To work around this, add a domain exception to .plist file as follows:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>test.testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

回答2:

Add a new row in your plist file.

回答3:

I added this code in the info.plist to allow any request http:

 <key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

This article lists all the changes made by Apple for iOS 9 and their implementations:

http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

回答4:

Add the following to the info.plist file. And replace 'My_Base_Url.com' with your web service link's base url. This should do the trick.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>My_Base_Url.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
    </dict>
</dict>

回答5:

If your app includes H5 page, sometimes it also will have this error.
It doesn't only require to turn on Allow Arbitrary Loads to fix it, but also require to add code below in your appDelegate.m:

@implementation NSURLRequest(ATS)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end

回答6:

According to this: https://forums.developer.apple.com/message/36842#36842

The correct exception to fix HTTP load failed (kCFStreamErrorDomainSSL, -9802) is:

NSExceptionAllowsInsecureHTTPLoads 

来源：https://stackoverflow.com/questions/31662134/https-request-in-ios-9-nsurlsession-nsurlconnection-http-load-failed-kcfstrea