SSL握手失败9801-TCP连接-Xcode 7
[英]SSL Handshake failed 9801 - TCP connection - Xcode 7
问题描述
In the app , built on Xcode 7 (beta) , TCP socket connection (NSStream) fails with below error. 
在基于Xcode 7(测试版)的应用中,TCP套接字连接(NSStream)失败,并出现以下错误。
**CFNetwork SSLHandshake failed (-9801)
Stream Error -9801: The operation couldn’t be completed. (OSStatus error -9801.)**
In the Info.plist I have also included the ATS following related exceptions. 在Info.plist中,我还包含了以下相关异常的ATS。
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>XXdomain</key>
<dict>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
But in the below delegate 但是在下面的代表
-(void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode -(void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode
I got the event code as 8 indicating errorOccured. 我得到的事件代码为8,指示errorOccured。 With the above mentioned description. 通过上述说明。
Connection established properly through openSSL 通过openSSL正确建立连接
openssl s_client -showcerts -connect XXX:ZZZ-ssl3 openssl s_client -showcerts -connect XXX:ZZZ-ssl3
CONNECTED(00000003) 连(00000003)
depth=3 /C=US/O=XXX, Inc./OU=XXXX depth = 3 / C = US / O = XXX,Inc./OU=XXXX
verify error:num=19:self signed certificate in certificate chain 验证错误:num = 19:证书链中的自签名证书
verify return:0 验证返回:0
Certificate chain 证书链
0 s:/C=US/ST=New York/L=New York/O=XXX/OU=XXX/CN=XXX i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 0 s:/ C = US / ST = New York / L = New York / O = XXX / OU = XXX / CN = XXX i:/ C = US / O = Symantec Corporation / OU = Symantec Trust Network / CN = Symantec 3类安全服务器CA-G4
-----BEGIN CERTIFICATE -----白金证书
MIIFGTCCBAGgAwIBAgIQbfM51mUYqjtW9jExlV1z6zANBgkqhkiG9w0BAQsFADB+ .... VXDdeaPZWHp/cTAlAQ== MIIFGTCCBAGgAwIBAgIQbfM51mUYqjtW9jExlV1z6zANBgkqhkiG9w0BAQsFADB + .... VXDdeaPZWHp / cTAlAQ ==
-----END CERTIFICATE -----结束证书
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 -----BEGIN CERTIFICATE 1 s:/ C = US / O = Symantec Corporation / OU = Symantec Trust Network / CN = Symantec Class 3 Secure Server CA-G4 i:/ C = US / O = VeriSign,Inc./OU=VeriSign Trust Network / OU =(c)2006 VeriSign,Inc.-仅供授权使用/ CN = VeriSign Class 3公共一级证书颁发机构-G5 ----- BEGIN证书
MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB MIIFODCCBCCgAwIBAgIQUT + 5dDhwtzRAQY0wkwaZ / zANBgkqhkiG9w0BAQsFADCB
... Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc= ... Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT + sjHLF + 8fk1A / yO0 + MKcc =
-----END CERTIFICATE -----结束证书
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority -----BEGIN CERTIFICATE----- MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf ... tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/ -----END CERTIFICATE----- 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority -----BEGIN CERTIFICATE 2秒:/ C = US / O = VeriSign,Inc./OU=VeriSign信任网络/ OU =(c)2006 VeriSign,Inc.-仅供授权使用/ CN = VeriSign 3类公共主要证书颁发机构-G5 i: / C = US / O = VeriSign,Inc./OU=第3类公共一级证书颁发机构----- BEGIN证书----- MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4 / TANBgkqhkiG9w0BAQUFADBf ...证书----- 3 s:/ C = US / O = VeriSign,Inc./OU= 3类公共主要证书颁发机构i:/ C = US / O = VeriSign,Inc./OU= 3类公共主要证书颁发机构权威----- BEGIN证书
MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG ... 2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ MIICPDCCAaUCEDyRMcsf9tAbDpq40ES / Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG ... 2HUw19JlYD1n1khVdWk / kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW / D / x
--END CERTIFICATE -结束证书
Server certificate 服务器证书
subject=/C=US/ST=New York/L=New York/O=XXXX/OU=XXXe/CN=XXX subject = / C = US / ST = New York / L = New York / O = XXXX / OU = XXXe / CN = XXX
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 发行者= / C = US / O = Symantec Corporation / OU = Symantec Trust Network / CN = Symantec Class 3安全服务器CA-G4
No client certificate CA names sent
SSL handshake has read 4655 bytes and written 434 bytes
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : AES256-SHA
Session-ID: A159CA3FAFF5A23E7CE47C2C1DD21C91310A3820F5A5D1EDE38D451613CAE704
Session-ID-ctx:
Master-Key: XXXXX
Key-Arg : None
Start Time: 1439320578
Timeout : 7200 (sec)
Verify return code: 0 (ok) 验证返回码:0(确定)
1 个解决方案
解决方案1
0 2015-11-11 15:04:43
In iOS 9.0 minimum support is for TLS 1.0 and server supported SSL 3.0 only. 在iOS 9.0中,最低支持仅对TLS 1.0和服务器支持的SSL 3.0。 So I got the above error. 所以我得到了上面的错误。
We can check ATS compatibility using the below command in os ei capitain 我们可以在os ei capitain中使用以下命令检查ATS兼容性
/usr/bin/nscurl --ats-diagnostics [URL] / usr / bin / nscurl --ats-diagnostics [URL]
Example /usr/bin/nscurl --ats-diagnostics https://apple.com 示例/ usr / bin / nscurl --ats-diagnostics https://apple.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.