Flexicoder

Reputation: 8491

iOS9 PayPal SDK - "An SSL error has occurred...."

I'm getting the same error as reported in this question iOS9 getting error “an ssl error has occurred and a secure connection to the server cannot be made”

I've checked with SSL Labs using the PayPal URL https://mobileclient.paypal.com and it tells me that it only supports the following ciphers...

TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

Which don't match exactly the ciphers listed in the Apple Documentation https://developer.apple.com/library/prerelease/ios/technotes/App-Transport-Security-Technote/

I wanted to ask: is the fact that the ciphers aren't exactly the same the issue? I certainly don't want to bypass ATS as far as PayPal is concerned, do I?

Upvotes: 2

Views: 696

Answers (2)

Carmen

Reputation: 6263

As Flexicoder wrote, you have to disable NSExceptionRequiresForwardSecrecy.
Add this to your Info.plist:

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>yourDomain.com</key>
            <dict>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
            </dict>
        </dict>
    </dict>

Upvotes: 0

Flexicoder

Reputation: 8491

I read the documentation further, which is what I should have done before asking the question! But to allow the ciphers that are listed I need to turn off NSExceptionRequiresForwardSecrecy for that URL. From the docs...

NSExceptionRequiresForwardSecrecy: A Boolean value for overriding the requirement that the domain support forward secrecy using ciphers.

YES is the default value and limits the ciphers to those shown in Default Behavior.

Setting the value to NO adds the following to the list of accepted ciphers:

  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA

Upvotes: 3
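
An added example (not part of either answer, and not Apple's or PayPal's code): a short Python check that sorts the server suites from the question by how ATS treats them, using the list quoted in the answer above. The function names and the key-exchange heuristic are assumptions made for this illustration.

```python
import re

# Suites SSL Labs reported for the server, as listed in the question.
SERVER_SUITES = [
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

# Suites the quoted documentation adds when
# NSExceptionRequiresForwardSecrecy is set to NO.
ATS_NO_FS_SUITES = {
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
}

# Ephemeral Diffie-Hellman key exchanges provide forward secrecy.
FS_KEY_EXCHANGES = {"ECDHE", "DHE"}

def key_exchange(suite):
    """Return the key-exchange token of a TLS_<kx>_WITH_<cipher> name."""
    m = re.fullmatch(r"TLS_([A-Z0-9_]+?)_WITH_[A-Z0-9_]+", suite)
    if not m:
        raise ValueError(f"unrecognised suite name: {suite}")
    return m.group(1).split("_")[0]

def classify(server_suites):
    """Bucket server suites by ATS treatment (illustrative helper)."""
    out = {"forward_secret": [], "needs_exception": [], "never_accepted": []}
    for s in server_suites:
        if key_exchange(s) in FS_KEY_EXCHANGES:
            # Still has to appear in Apple's Default Behavior list,
            # which is not reproduced on this page.
            out["forward_secret"].append(s)
        elif s in ATS_NO_FS_SUITES:
            out["needs_exception"].append(s)
        else:
            out["never_accepted"].append(s)
    return out

if __name__ == "__main__":
    for bucket, suites in classify(SERVER_SUITES).items():
        print(f"{bucket}: {suites or 'none'}")
```

With the exception in place, only the two AES-CBC suites become negotiable; the RC4 and 3DES suites the server offers stay outside both lists.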
