如果你的後端使用你開始使用NSURLSession
CFNetwork SSLHandshake failed (-9801)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
爲y的安全連接螞蟻OU需要特別檢查服務器配置以獲得ATS版本和SSL證書信息:通過設置NSExceptionAllowsInsecureHTTPLoads = YES
而不是僅僅允許不安全的連接,而不是你需要允許的情況下,較低的安全您的服務器不符合分鐘要求(v1.2)(或更好地修復服務器端)。
允許較低的安全在單臺服務器
<key>NSExceptionDomains</key>
<dict>
<key>api.yourDomaine.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
使用OpenSSL客戶調查證書和使用OpenSSL的客戶端讓你的服務器配置:
openssl s_client -connect api.yourDomaine.com:port //(you may need to specify port or to try with https://... or www.)
..find末
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: //
Session-ID-ctx:
Master-Key: //
Key-Arg : None
Start Time: 1449693038
Timeout : 300 (sec)
Verify return code: 0 (ok)
App Transpor t安全性(ATS)要求傳輸層安全性(TLS)協議版本1.2。
Requirements for Connecting Using ATS:
The requirements for a web service connection to use App Transport Security (ATS) involve the server, connection ciphers, and certificates, as follows:
Certificates must be signed with one of the following types of keys:
- Secure Hash Algorithm 2 (SHA-2) key with a digest length of at least 256 (that is, SHA-256 or greater)
Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits An invalid certificate results in a hard failure and no connection.
The following connection ciphers support forward secrecy (FS) and work with ATS:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
更新:事實證明,OpenSSL的只提供最低限度的協議版本協議:使用TLSv1 links
非常感謝您的回覆,希望文檔能夠提到構建域例外的關鍵。再次感謝,你的回答非常明確,我知道很多其他人在ios9 beta論壇 – user3099837
下看到相同的東西,你可以發佈文檔鏈接嗎? – yuhua
我認爲它是如此新,他們還沒有更新他們的文檔,當他們說他會更新答案。 – user3099837