SSL handshake fail on IOS only

Question

I'm developing an app using cordova (5.2.0). On mac I'm using Xcode 6.4 to generate the .ipa

At some point I initialize a secure websocket connexion (certificates are not self signed, length is 2048) like this in js:

socket_ip = new WebSocket(wss://perform.domain.com:8080, "image-processing-protocol");

The connexion is working on Android and also from desktop browser (safari too).

However, from my Iphone(8.4) I got a :

CFNetwork SSLHandshake failed (-9807) which means "Invalid certificate chain"

On server side the message I got is:

error:00000005:lib(0):func(0):DH

My sever configuration is:

• info.ssl_cert_filepath = "sslCertificates/myCert.cer";
• info.ssl_private_key_filepath ="sslCertificates/myCert";
• info.ssl_ca_filepath ="sslCertificates/GlobalSignRootCA.cer"
• info.ssl_cipher_list ="RC4-SHA:AES128-SHA:HIGH:!aNULL:!MD5"

Looks like my issue is similat to openssl-ssl-accept-error-5 . I then tried to set up a cipher list without DH but I still got the error. I am probably missing something to configure on my libsocket server.

As long as I'm using a commercial certificate and it's working with other devices I don't understand with the connexion with IOS failed.

Any Help would be much appreciated, Thanks!

Answer 1

I did the checks as Steffen suggested. Solution was to set elliptic curve Diffie Hellman protocol up within libwebsocket.

Thanks for your help.

Answer 2

Is there an intermediate certificate from GlobalSignRootCA that you also have to add?