116

Since I upgraded my existing project with iOS 9, I keep getting the error :

An SSL error has occurred and a secure connection to the server cannot be made.

Stéphane Bruckert
  • 18,252
  • 10
  • 81
  • 113
Nanda
  • 1,247
  • 2
  • 10
  • 10

12 Answers12

129

For the iOS9, Apple made a radical decision with iOS 9, disabling all unsecured HTTP traffic from iOS apps, as a part of App Transport Security (ATS).

To simply disable ATS, you can follow this steps by open Info.plist, and add the following lines:

<key>NSAppTransportSecurity</key>
  <dict>
      <key>NSAllowsArbitraryLoads</key>
      <true/>
  </dict>
Stéphane Bruckert
  • 18,252
  • 10
  • 81
  • 113
Tony TRAN
  • 1,838
  • 1
  • 12
  • 15
  • 50
    I added above lines in plist, but still getting following error: An SSL error has occurred and a secure connection to the server cannot be made. NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9819 I am calling HTTPS request. Is there any other option for HTTPS? – AiOsN Oct 28 '15 at 17:57
  • 1
    AiOsN = same problem here, did you found a solution? – Franck Feb 05 '16 at 14:04
  • 7
    It seems to be a common misinterpretation, that NSAllowsArbitraryLoads is a switch to enable or disable ATS. As soon as you are doing a https:// request, you must ensure, that you meet the ATS-requirements: a valid certificate installed on the server (without wildcard, exactly matching the server's domain name), server supports TLS 1.2 with forward secrecy. – Christian May 04 '16 at 06:54
  • @Christian What's the source of these ATS requirements? I can't find anything about not supporting wildcard certificates. – Bart Oct 13 '16 at 10:59
  • @Bartosz Sorry, I cannot point you to an official document, it's just something that we have observed when updating our server infrastructure. – Christian Oct 20 '16 at 06:12
  • I updated the link, seem like Apple removed the old official document link. – Tony TRAN Oct 21 '16 at 04:26
  • @AiOsN I have added NSAllowsArbitraryLoads to the plist, But still getting the error 'an SSL error has occurred and a secure connection to the server cannot be made' in some networks. Adding my server's domain to 'NSExceptionDomains' will solve the problem? I'm using iOS11 – Ashok Dec 19 '17 at 06:57
68

Even though allowing arbitrary loads (NSAllowsArbitraryLoads = true) is a good workaround, you shouldn't entirely disable ATS but rather enable the HTTP connection you want to allow:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>yourserver.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>
Stéphane Bruckert
  • 18,252
  • 10
  • 81
  • 113
  • 2
    Much better than ignoring all security problems. Amazon's S3 service uses weak encryption, and loading directly to their servers was causing problems, but this allowed us to open just the s3.amazonaws.com url, keeping the rest inline. Awesome! – mix3d Dec 04 '15 at 20:45
  • 3
    The server I was trying to reach was using TLSv1.0. I had to add NSExceptionMinimumTLSVersion for tls1.0 to bypass the SLL error – Ispas Claudiu Nov 01 '18 at 16:53
  • This answer worked for me. I was using a WKWebView and trying to make an SSL request to the API server. – Fan Jin Nov 01 '18 at 17:25
  • Hi @Stéphane, I got strange situation. My phone is having iOS version 12.1.2, but I got error "An SSL error has occurred and a secure connection to the server cannot be made". What I did is updated my plist file. App run fine and again I removed the changes I made in info.plist. Now It's running fine. So, I am not able to find the actual reason for this error. Any suggestion? – Mansuu.... Jan 28 '19 at 06:31
  • @Mansuu.... did you try to use TLSv1.0 as suggested in the comments above? – Stéphane Bruckert Feb 01 '19 at 16:46
  • @StéphaneBruckert Yes I updated my plist file as suggested above(NSTemporaryExceptionMinimumTLSVersion - TLS V1.0"). My app run fine then I removed that "NSTemporaryExceptionMinimumTLSVersion - TLS V1.0" entry I made but still app runs fine. So I could not find the reason why is it happening. – Mansuu.... Feb 04 '19 at 05:40
  • I have this config in my info.plist, but still two (out of hundreds of devices) fail to connect to my API, returning "An SSL error has occurred and a secure connection to the server cannot be made". – thomasgalliker Jul 27 '20 at 22:00
15

iOS 9 forces connections that are using HTTPS to be TLS 1.2 to avoid recent vulnerabilities. In iOS 8 even unencrypted HTTP connections were supported, so that older versions of TLS didn't make any problems either. As a workaround, you can add this code snippet to your Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

*referenced to App Transport Security (ATS)

enter image description here

TechSeeko
  • 1,511
  • 10
  • 19
14

If you are just targeting specific domains you can try and add this in your application's Info.plist:

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>example.com</key>
        <dict>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
            <key>NSIncludesSubdomains</key>
            <true/>
        </dict>
    </dict>
</dict>
emotality
  • 11,710
  • 4
  • 34
  • 55
Nathan Noble
  • 666
  • 6
  • 13
  • This did not work for me. Yes, I put the correct domain in for "example.com". – Alyoshak Mar 10 '17 at 22:19
  • 1
    It's work for me. when I did the exemple only with the "Allow Arbitrary Loads" works but after stopped. When I used the key "NSExceptionRequiresForwardSecrecy" -> false and "NSIncludesSubdomains" -> true it works perfectly. Thanks a lot! – linhadiretalipe Mar 20 '17 at 11:25
  • 1
    This worked for me as well! Even though I am using https connection, I still faced the issue. There is no support for 'NSExceptionRequiresForwardSecrecy' currently. From what I read, this was not necessary to specify earlier, but looks like they have made this mandatory now as well. PS: I was trying with iOS 10.2.1 – Vaibhav Misra Apr 19 '17 at 07:49
6

It appears that iOS 9.0.2 breaks requests to valid HTTPS endpoints. My current suspicion is that it is requiring SHA-256 certs or it fails with this error.

To reproduce, inspect your UIWebView with safari, and try navigating to an arbitrary HTTPS endpoint:

location.href = "https://d37gvrvc0wt4s1.cloudfront.net/js/v1.4/rollbar.min.js"
// [Error] Failed to load resource: An SSL error has occurred and a secure connection to the server cannot be made. (rollbar.min.js, line 0)

Now try going to google (because of course they have a SHA-256 cert):

location.href = "https://google.com"
// no problemo

Adding an exception to transport security (as outlined by @stéphane-bruckert's answer above) works to fix this. I also assume that completely disabling NSAppTransportSecurity would work too, though I've read that completely disabling it can jeopardize your app review.

[EDIT] I've found that simply enumerating the domains I'm connecting to in the NSExceptionDomains dict fixes this problem, even when leaving NSExceptionAllowsInsecureHTTPLoads set to true. :\

steve
  • 2,964
  • 24
  • 25
2

The problem is the ssl certificate on server side. Either something is interfering or the certificate doesn't match the service. For instance when a site has a ssl cert for www.mydomain.com while the service you use runs on myservice.mydomain.com. That is a different machine.

Helge Becker
  • 2,960
  • 1
  • 17
  • 30
2

I get the same error when I specify my HTTPS URL as : https://www.mywebsite.com . However it works fine when I specify it without the three W's as : https://mywebsite.com .

Hashim Akhtar
  • 725
  • 2
  • 8
  • 15
0

Xcode project -> goto info.plist and Click + Button then Add (App Transport Security Settings)Expand, Allow Arbitrary Loads Set YES. Thanks

Shanmugasundharam
  • 2,046
  • 21
  • 31
0

My issue was NSURLConnection and that was deprecated in iOS9 so i changed all the API to NSURLSession and that fixed my problem.

NSURLConnection deprecated in iOS9

Akila Wasala
  • 1,948
  • 17
  • 18
0

In my case I faced this issue in my simulator because my computer's date was behind of current date. So do check this case too when you face SSL error.

Teena nath Paul
  • 2,029
  • 19
  • 26
0

I was getting below error on playback

finished with error [-1200] Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://remote-abcabc-svc.an.abc.com:1935/abr/_definst_/smil:v2/video/492F2F82592F59EA74ABAA6B9D6E6F42/F6B1BD452132329FBACD32730862CAE0/091EAD80FE9BEDD52A2F33840CA3CBAC.v3.eng.smil/playlist.m3u8, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <692A1174-DA1C-4267-9560-9020A79F8458>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <692A1174-DA1C-4267-9560-9020A79F8458>

I made sure that I added entry in exception domains in plist file and NSAllowsArbitraryLoads is set to true and still I was seeing an error.

Then I realized that I am playing URL with https and not http.

I set video url to http and problem solved.

Naren
  • 962
  • 6
  • 18
0

I was getting this error for some network calls and not others. I was connected to a public wifi. That free wifi seemed to bee tampering with certain URLs and hence the error.

When I connected to LTE that error went away!

Honey
  • 24,125
  • 14
  • 123
  • 212