如果你的后端使用你开始使用NSURLSession
CFNetwork SSLHandshake failed (-9801)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
为y的安全连接蚂蚁OU需要特别检查服务器配置以获得ATS版本和SSL证书信息:通过设置NSExceptionAllowsInsecureHTTPLoads = YES
而不是仅仅允许不安全的连接,而不是你需要允许的情况下,较低的安全您的服务器不符合分钟要求(v1.2)(或更好地修复服务器端)。
允许较低的安全在单台服务器
<key>NSExceptionDomains</key>
<dict>
<key>api.yourDomaine.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
使用OpenSSL客户调查证书和使用OpenSSL的客户端让你的服务器配置:
openssl s_client -connect api.yourDomaine.com:port //(you may need to specify port or to try with https://... or www.)
..find末
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: //
Session-ID-ctx:
Master-Key: //
Key-Arg : None
Start Time: 1449693038
Timeout : 300 (sec)
Verify return code: 0 (ok)
App Transpor t安全性(ATS)要求传输层安全性(TLS)协议版本1.2。
Requirements for Connecting Using ATS:
The requirements for a web service connection to use App Transport Security (ATS) involve the server, connection ciphers, and certificates, as follows:
Certificates must be signed with one of the following types of keys:
- Secure Hash Algorithm 2 (SHA-2) key with a digest length of at least 256 (that is, SHA-256 or greater)
Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits An invalid certificate results in a hard failure and no connection.
The following connection ciphers support forward secrecy (FS) and work with ATS:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
更新:事实证明,OpenSSL的只提供最低限度的协议版本协议:使用TLSv1 links
非常感谢您的回复,希望文档能够提到构建域例外的关键。再次感谢,你的回答非常明确,我知道很多其他人在ios9 beta论坛 – user3099837
下看到相同的东西,你可以发布文档链接吗? – yuhua
我认为它是如此新,他们还没有更新他们的文档,当他们说他会更新答案。 – user3099837