iOS9出错"发生ssl错误,无法与服务器建立安全连接"

时间:2022-09-15 15:41:03

Since I upgraded my existing project with iOS 9, I keep getting the error :

自从我用ios9升级了我现有的项目,我一直得到错误:

An SSL error has occurred and a secure connection to the server cannot be made.

发生SSL错误,无法建立到服务器的安全连接。

9 个解决方案

#1


93  

For the iOS9, Apple made a radical decision with iOS 9, disabling all unsecured HTTP traffic from iOS apps, as a part of App Transport Security (ATS).

对于iOS9,苹果公司在iOS9系统上做出了一个激进的决定,禁用了iOS应用中所有的无担保的HTTP流量,这是应用程序传输安全(ATS)的一部分。

To simply disable ATS, you can follow this steps by open Info.plist, and add the following lines:

要禁用ATS,您可以通过open Info执行此步骤。plist,添加以下行:

<key>NSAppTransportSecurity</key>
  <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
  </dict>

#2


44  

Even though allowing arbitrary loads (NSAllowsArbitraryLoads = true) is a good workaround, you shouldn't entirely disable ATS but rather enable the HTTP connection you want to allow:

即使允许任意负载(nsallowsarbityload = true)是一个不错的解决方案,您也不应该完全禁用ATS,而是启用您希望允许的HTTP连接:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

#3


15  

iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:

iOS 9迫使使用HTTPS的连接成为TLS 1.2,以避免近期的漏洞。在ios8中甚至支持未加密的HTTP连接,因此旧版本的TLS也不会产生任何问题。作为解决方案,您可以将此代码片段添加到Info.plist中:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

*referenced to App Transport Security (ATS)

*参考App传输安全(ATS)

iOS9出错"发生ssl错误,无法与服务器建立安全连接"

#4


12  

If you are just targeting specific domains you can try and add this in your application's Info.plist:

如果您只是针对特定的域,您可以尝试将其添加到应用程序的Info.plist中:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

#5


5  

It appears that iOS 9.0.2 breaks requests to valid HTTPS endpoints. My current suspicion is that it is requiring SHA-256 certs or it fails with this error.

iOS 9.0.2似乎中断了对有效HTTPS端点的请求。我目前的猜测是,它需要SHA-256证书,否则这个错误就会失败。

To reproduce, inspect your UIWebView with safari, and try navigating to an arbitrary HTTPS endpoint:

要复制,请使用safari检查您的UIWebView,并尝试导航到任意HTTPS端点:

location.href = "https://d37gvrvc0wt4s1.cloudfront.net/js/v1.4/rollbar.min.js"
// [Error] Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. (rollbar.min.js, line 0)

Now try going to google (because of course they have a SHA-256 cert):

现在试试谷歌(因为他们当然有SHA-256证书):

location.href = "https://google.com"
// no problemo

Adding an exception to transport security (as outlined by @stéphane-bruckert's answer above) works to fix this. I also assume that completely disabling NSAppTransportSecurity would work too, though I've read that completely disabling it can jeopardize your app review.

为传输安全性添加一个异常(如上面@stephane-bruckert的回答所述)可以修复这个问题。我还假设完全禁用NSAppTransportSecurity也可以工作,尽管我读到过完全禁用NSAppTransportSecurity可能会危及您的应用程序复查。

[EDIT] I've found that simply enumerating the domains I'm connecting to in the NSExceptionDomains dict fixes this problem, even when leaving NSExceptionAllowsInsecureHTTPLoads set to true. :\

[编辑]我发现简单地列举我在NSExceptionDomains dict词中所连接的域就可以解决这个问题,即使把nsexceptionallowsinsecurehttpload设置为true。:\

#6


2  

The problem is the ssl certificate on server side. Either something is interfering or the certificate doesn't match the service. For instance when a site has a ssl cert for www.mydomain.com while the service you use runs on myservice.mydomain.com. That is a different machine.

问题是服务器端的ssl证书。不是有什么东西干扰了,就是证书与服务不匹配。例如,当一个站点拥有www.mydomain.com的ssl证书,而您使用的服务在myservice.mydomain.com上运行时。那是另一台机器。

#7


2  

I get the same error when I specify my HTTPS URL as : https://www.mywebsite.com . However it works fine when I specify it without the three W's as : https://mywebsite.com .

当我指定HTTPS URL为:https://www.mywebsite.com时,我也会得到相同的错误。但是,当我指定它时,它工作得很好,没有三个W: https://mywebsite.com。

#8


0  

Xcode project -> goto info.plist and Click + Button then Add (App Transport Security Settings)Expand, Allow Arbitrary Loads Set YES. Thanks

Xcode项目-> goto信息。plist和点击+按钮添加(App传输安全设置)展开,允许任意加载设置为YES。谢谢

#9


0  

My issue was NSURLConnection and that was deprecated in iOS9 so i changed all the API to NSURLSession and that fixed my problem.

我的问题是NSURLConnection,它在iOS9中被废弃了,所以我将所有API都更改为NSURLSession,这解决了我的问题。

NSURLConnection deprecated in iOS9

在iOS9 NSURLConnection弃用

#1


93  

For the iOS9, Apple made a radical decision with iOS 9, disabling all unsecured HTTP traffic from iOS apps, as a part of App Transport Security (ATS).

对于iOS9,苹果公司在iOS9系统上做出了一个激进的决定,禁用了iOS应用中所有的无担保的HTTP流量,这是应用程序传输安全(ATS)的一部分。

To simply disable ATS, you can follow this steps by open Info.plist, and add the following lines:

要禁用ATS,您可以通过open Info执行此步骤。plist,添加以下行:

<key>NSAppTransportSecurity</key>
  <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
  </dict>

#2


44  

Even though allowing arbitrary loads (NSAllowsArbitraryLoads = true) is a good workaround, you shouldn't entirely disable ATS but rather enable the HTTP connection you want to allow:

即使允许任意负载(nsallowsarbityload = true)是一个不错的解决方案,您也不应该完全禁用ATS,而是启用您希望允许的HTTP连接:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

#3


15  

iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:

iOS 9迫使使用HTTPS的连接成为TLS 1.2,以避免近期的漏洞。在ios8中甚至支持未加密的HTTP连接,因此旧版本的TLS也不会产生任何问题。作为解决方案,您可以将此代码片段添加到Info.plist中:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

*referenced to App Transport Security (ATS)

*参考App传输安全(ATS)

iOS9出错"发生ssl错误,无法与服务器建立安全连接"

#4


12  

If you are just targeting specific domains you can try and add this in your application's Info.plist:

如果您只是针对特定的域,您可以尝试将其添加到应用程序的Info.plist中:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>

#5


5  

It appears that iOS 9.0.2 breaks requests to valid HTTPS endpoints. My current suspicion is that it is requiring SHA-256 certs or it fails with this error.

iOS 9.0.2似乎中断了对有效HTTPS端点的请求。我目前的猜测是,它需要SHA-256证书,否则这个错误就会失败。

To reproduce, inspect your UIWebView with safari, and try navigating to an arbitrary HTTPS endpoint:

要复制,请使用safari检查您的UIWebView,并尝试导航到任意HTTPS端点:

location.href = "https://d37gvrvc0wt4s1.cloudfront.net/js/v1.4/rollbar.min.js"
// [Error] Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. (rollbar.min.js, line 0)

Now try going to google (because of course they have a SHA-256 cert):

现在试试谷歌(因为他们当然有SHA-256证书):

location.href = "https://google.com"
// no problemo

Adding an exception to transport security (as outlined by @stéphane-bruckert's answer above) works to fix this. I also assume that completely disabling NSAppTransportSecurity would work too, though I've read that completely disabling it can jeopardize your app review.

为传输安全性添加一个异常(如上面@stephane-bruckert的回答所述)可以修复这个问题。我还假设完全禁用NSAppTransportSecurity也可以工作,尽管我读到过完全禁用NSAppTransportSecurity可能会危及您的应用程序复查。

[EDIT] I've found that simply enumerating the domains I'm connecting to in the NSExceptionDomains dict fixes this problem, even when leaving NSExceptionAllowsInsecureHTTPLoads set to true. :\

[编辑]我发现简单地列举我在NSExceptionDomains dict词中所连接的域就可以解决这个问题,即使把nsexceptionallowsinsecurehttpload设置为true。:\

#6


2  

The problem is the ssl certificate on server side. Either something is interfering or the certificate doesn't match the service. For instance when a site has a ssl cert for www.mydomain.com while the service you use runs on myservice.mydomain.com. That is a different machine.

问题是服务器端的ssl证书。不是有什么东西干扰了,就是证书与服务不匹配。例如,当一个站点拥有www.mydomain.com的ssl证书,而您使用的服务在myservice.mydomain.com上运行时。那是另一台机器。

#7


2  

I get the same error when I specify my HTTPS URL as : https://www.mywebsite.com . However it works fine when I specify it without the three W's as : https://mywebsite.com .

当我指定HTTPS URL为:https://www.mywebsite.com时,我也会得到相同的错误。但是,当我指定它时,它工作得很好,没有三个W: https://mywebsite.com。

#8


0  

Xcode project -> goto info.plist and Click + Button then Add (App Transport Security Settings)Expand, Allow Arbitrary Loads Set YES. Thanks

Xcode项目-> goto信息。plist和点击+按钮添加(App传输安全设置)展开,允许任意加载设置为YES。谢谢

#9


0  

My issue was NSURLConnection and that was deprecated in iOS9 so i changed all the API to NSURLSession and that fixed my problem.

我的问题是NSURLConnection,它在iOS9中被废弃了,所以我将所有API都更改为NSURLSession,这解决了我的问题。

NSURLConnection deprecated in iOS9

在iOS9 NSURLConnection弃用