CODEWITHSUNDEEP
iosswiftapp-transport-security
shunsuke_stackoverflow
shunsuke_stackoverflow

Reputation: 467

Why couldn't access?

I would like to access to page which is https of inside company on iOS simulator. This page could be accessed on safari. But WKWebView couldn't access. Program said the following error.

An SSL error has occurred and a secure connection to the server cannot be made.

TLS Version is TLSv1.2.

If i set NSAllowsArbitraryLoads,I could access. But this way is not good,I think.

My code is the following.

//
//  ViewController.swift
//  TestClient
//
//  Created by 平塚 俊輔 on 2015/12/07.
//  Copyright © 2015年 平塚 俊輔. All rights reserved.
//

//1.WebKit Frameworkをimportする
import WebKit

class ViewController: UIViewController, WKNavigationDelegate {

    //2.WKWebviewの宣言!
    var _webkitview: WKWebView?

    override func viewDidLoad() {
        super.viewDidLoad()
        // Do any additional setup after loading the view, typically from a nib.

        //3.WebKitのインスタンス作成!
        self._webkitview = WKWebView()

        //4.ここでWebKitをviewに紐付け
        self.view = self._webkitview!
        self._webkitview!.navigationDelegate = self
        //5.URL作って、表示させる!
        var url = NSURL(string:"https:/******")
        var req = NSURLRequest(URL:url!)
        self._webkitview!.loadRequest(req)
    }

    // MARK: WKNavigationDelegate
    func webView(webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
        NSLog("Start")
    }

    func webView(webView: WKWebView!, didFailNavigation navigation: WKNavigation!, withError error: NSError!) {
        NSLog("Failed Navigation %@", error.localizedDescription)
    }

    func webView(webView: WKWebView!, didFinishNavigation navigation: WKNavigation!) {
        // Finish navigation
        NSLog("Finish Navigation")
        NSLog("Title:%@ URL:%@", webView.title!, webView.URL!)

        // Run Javascript(For local)
//        webView.evaluateJavaScript("var el=document.getElementById('user');el.style.backgroundColor='yellow';", nil)
    }

    func webView(webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: NSError) {
        print(error)
    }

    override func didReceiveMemoryWarning() {
        super.didReceiveMemoryWarning()
        // Dispose of any resources that can be recreated.
    }
}

What is this problem?

By the way,I could access on real device. I couldn't access on only simulator.

Upvotes: 2

Views: 624

Answers (2)

jcaron
jcaron

Reputation: 17720

App Transport Security involves a lot more than just HTTPS (TLS). It also involves specific types of ciphers and certificates which may or may not be allowed.

You'll find the details here:

https://developer.apple.com/library/prerelease/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35

Requirements for Connecting Using ATS

The requirements for a web service connection to use App Transport Security (ATS) involve the server, connection ciphers, and certificates, as follows:

  • Certificates must be signed with one of the following types of keys:
    • Secure Hash Algorithm 2 (SHA-2) key with a digest length of at least 256 (that is, SHA-256 or greater)
    • Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
    • Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits

An invalid certificate results in a hard failure and no connection.

  • The following connection ciphers support forward secrecy (FS) and work with ATS:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

The "good" option is to reconfigure your server to use appropriate ciphers and certificates. Otherwise, you can disable the checks, either globally or on a more granular basis, either for all sites or just for specific domains and/or subdomains. The "tighter" the exceptions the better.

Upvotes: 4

ShahiM
ShahiM

Reputation: 3268

In iOS9, Apple has introduced App Transport Security (ATS), which blocks all unsecured HTTP traffic from iOS apps.

To disable ATS, you can follow these quick steps: right click Info.plist and select view as>source code, then add the following lines:

<key>NSAppTransportSecurity</key>
<dict>
  <!--Include to allow all connections (DANGER)-->
  <key>NSAllowsArbitraryLoads</key>
      <true/>
</dict>

But this is not the recommended way to do so. You have to add exceptions to the domain(s) you want to access, like :

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

You can find all the info you need in this question

Upvotes: 0

Related Questions