Saranya Sivanandham

Reputation: 750

SSL Handshake failed 9801 - TCP connection - Xcode 7

In the app, built with Xcode 7 (beta), the TCP socket connection (NSStream) fails with the error below.

**CFNetwork SSLHandshake failed (-9801)**

**Stream Error -9801: The operation couldn’t be completed. (OSStatus error -9801.)**

In the Info.plist I have also included the following ATS-related exceptions.

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
    <key>XXdomain</key>
    <dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key>
        <true/>
        <key>NSExceptionRequiresForwardSecrecy</key>
        <false/>
    </dict>
</dict>

But in the delegate method below

-(void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode

I got the event code 8, indicating errorOccurred, with the above-mentioned description.

The connection is established properly through OpenSSL:

openssl s_client -showcerts -connect XXX:ZZZ -ssl3

CONNECTED(00000003)

depth=3 /C=US/O=XXX, Inc./OU=XXXX

verify error:num=19:self signed certificate in certificate chain

verify return:0

Certificate chain

 0 s:/C=US/ST=New York/L=New York/O=XXX/OU=XXX/CN=XXX
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4

-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIQbfM51mUYqjtW9jExlV1z6zANBgkqhkiG9w0BAQsFADB+ .... VXDdeaPZWHp/cTAlAQ==
-----END CERTIFICATE-----

 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

-----BEGIN CERTIFICATE-----
MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB
... Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=
-----END CERTIFICATE-----

 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

-----BEGIN CERTIFICATE-----
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf ... tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
-----END CERTIFICATE-----

 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

-----BEGIN CERTIFICATE-----
MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG ... 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ
-----END CERTIFICATE-----


Server certificate

subject=/C=US/ST=New York/L=New York/O=XXXX/OU=XXXe/CN=XXX

issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4

No client certificate CA names sent

SSL handshake has read 4655 bytes and written 434 bytes


New, TLSv1/SSLv3, Cipher is AES256-SHA

Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:

Protocol  : SSLv3

Cipher    : AES256-SHA

Session-ID: A159CA3FAFF5A23E7CE47C2C1DD21C91310A3820F5A5D1EDE38D451613CAE704

Session-ID-ctx:

Master-Key: XXXXX

Key-Arg  : None

Start Time: 1439320578

Timeout  : 7200 (sec)

Verify return code: 0 (ok)

Upvotes: 2

Views: 1729

Answers (1)

Saranya Sivanandham

Reputation: 750

In iOS 9.0 the minimum supported version is TLS 1.0, and the server supported SSL 3.0 only, so I got the above error.

We can check ATS compatibility using the command below on OS X El Capitan:

/usr/bin/nscurl --ats-diagnostics [URL]

Example: /usr/bin/nscurl --ats-diagnostics https://apple.com

Upvotes: 0
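
The diagnosis in the answer can be read straight off the `openssl s_client` session summary. The following is an added example, not code from the original post: it parses that summary and flags a negotiated protocol below the client's floor. The function names are hypothetical, the default floor `TLSv1` is taken from the answer's statement, and the sample text is constructed in the shape of the output quoted in the question.

```python
import re

# Protocol names as `openssl s_client` prints them, weakest first.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample in the shape of the session summary quoted in the question.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Verify return code: 0 (ok)
"""

def parse_session(text):
    """Extract negotiated protocol, cipher and verify code (None if absent)."""
    patterns = {
        "protocol": r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)",
        "cipher": r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)",
        "verify": r"^[ \t]*Verify return code:[ \t]*(\d+)",
    }
    found = {}
    for name, pattern in patterns.items():
        match = re.search(pattern, text, re.MULTILINE)
        found[name] = match.group(1) if match else None
    return found

def check_session(text, floor="TLSv1"):
    """Return (code, message) findings; an empty list means nothing flagged."""
    s = parse_session(text)
    if s["protocol"] not in ORDER:
        return [("no-session", "no recognisable SSL-Session block in the output")]
    findings = []
    if ORDER.index(s["protocol"]) < ORDER.index(floor):
        findings.append(("protocol-below-floor",
                         f"{s['protocol']} negotiated, client floor is {floor}"))
    # Before TLS 1.3, forward secrecy needs an ephemeral (EC)DHE key exchange,
    # which OpenSSL shows as an ECDHE-/DHE-/EDH- prefix on the suite name.
    cipher = s["cipher"] or ""
    if s["protocol"] != "TLSv1.3" and not cipher.startswith(("ECDHE-", "DHE-", "EDH-")):
        findings.append(("no-forward-secrecy", f"{cipher} has no ephemeral key exchange"))
    if s["verify"] not in (None, "0"):
        findings.append(("chain-verify-failed", f"verify return code {s['verify']}"))
    return findings

if __name__ == "__main__":
    for code, message in check_session(SAMPLE):
        print(f"{code}: {message}")
```

Passing `floor="TLSv1.2"` checks the same output against the default ATS requirement instead of the TLS 1.0 floor named in the answer.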
