HTTPS request in iOS 9 : NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Question

I'm updating my app to accommodate Apple's new ATS. Without any changes to the Plist-Info,the following code throws an error at sendSynchronousRequest() in a vanilla `iOS 9 simulator.

NSURL *url  =[NSURL URLWithString:@"https://Google.com"];
NSMutableURLRequest *request = [[NSMutableURLRequest alloc]init];
[request setHTTPMethod:@"GET"];
[request setURL:url];

NSURLResponse *urlResponse = nil;
NSError *error = nil;    
NSData *reponse = [NSURLConnection sendSynchronousRequest:request
                                        returningResponse:&urlResponse
                                                    error:&error];

Error:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Any thoughts as to what might be behind this issue?

Ps: I understand that NSURLConnection is deprecated. But this invocations works find if I add AllowArbitraryLoads in Plist.

Answer 1

If your app includes H5 page, sometimes it also will have this error.
It doesn't only require to turn on Allow Arbitrary Loads to fix it, but also require to add code below in your appDelegate.m:

@implementation NSURLRequest(ATS)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString *)host
{
    return YES;
}
@end

Answer 2

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) corresponds to the server not supporting "Forward Secrecy".

To work around this, add a domain exception to .plist file as follows:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>test.testdomain.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>
</dict>

Answer 3

Add the following to the info.plist file. And replace 'My_Base_Url.com' with your web service link's base url. This should do the trick.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>My_Base_Url.com</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <true/>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSRequiresCertificateTransparency</key>
            <false/>
            <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
            <false/>
            <key>NSThirdPartyExceptionMinimumTLSVersion</key>
            <string>TLSv1.2</string>
            <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
            <true/>
        </dict>
    </dict>
</dict>

Answer 4

I added this code in the info.plist to allow any request http:

 <key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

This article lists all the changes made by Apple for iOS 9 and their implementations:

http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/

Answer 5

Add a new row in your plist file.

Answer 6

According to this: https://forums.developer.apple.com/message/36842#36842

The correct exception to fix HTTP load failed (kCFStreamErrorDomainSSL, -9802) is:

NSExceptionAllowsInsecureHTTPLoads