iOS App传输安全性问题
[英]iOS App Transport Security issue
问题描述
TL; 
TL; DR: DR:
I have an iOS app connecting to a webservice that does not meet the minimum requirements for the new ATS feature. 我有一个iOS应用程序连接到不符合新ATS功能的最低要求一个web服务。 I have modified my Info.plist to allow an exception so my app can still connect to the webservice. 我已经修改了Info.plist以允许例外,因此我的应用程序仍可以连接到Web服务。 ( NSURLSession/NSURLConnection HTTP load failed on iOS 9 ) This works correctly in development, however, the update I just pushed to the store still fails to hit the webservice. ( iOS 9上的NSURLSession / NSURLConnection HTTP加载失败 )在开发中可以正常工作,但是, 我刚刚推送到商店的更新仍然无法访问Web服务。 I don't know where the disconnect is happening or how to fix this. 我不知道断开发生在哪里或如何解决。
=== ===
First off, this is all happening in an emulator, and the same behavior when I deploy directly to my ipad in xcode: 首先,这都是在模拟器中发生的,当我直接在xcode中部署到ipad时,行为相同:
I am trying to connect to a webservice over https in my iOS app. 我正在尝试通过iOS应用中的https连接到Web服务。 I am now getting this error everytime I try to connect to the webservice: 现在,每次尝试连接到Web服务时都会出现此错误:
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)
It is my understanding that this is happening because the new ATS feature is not allowing the connection. 据我了解,这是由于新的ATS功能不允许连接而发生的。 I have confirmed this by applying the fix ( NSURLSession/NSURLConnection HTTP load failed on iOS 9 ) to my Info.plist file: 我已通过将修复程序( iOS 9上的NSURLSession / NSURLConnection HTTP加载失败 )应用于我的Info.plist文件来确认这一点:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>mydomain.com</key>
<dict>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
</dict>
</dict>
</dict>
Once I put that in, it connects to the webservice without issue. 一旦输入,它就可以毫无问题地连接到Web服务。
Apparantly, while my server meets the TLS 1.2 requirement, and cipher requirement, it does not meet the signature requirement ( https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35 ) 显然,虽然我的服务器符合TLS 1.2要求和密码要求,但它不符合签名要求( https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html #// apple_ref / doc / uid / TP40009251-SW35 )
However, I have made an update to my app and pushed to the app store, but the store version of my app is unable to connect to the web service. 但是,我已经对我的应用程序进行了更新并推送到应用程序商店,但是我的应用程序的商店版本无法连接到Web服务。 The very same code builds fine on my local machine and runs on my device when deployed to it from xcode, but the version in the store seems to be ignoring the .plist fix. 从xcode部署到本地计算机上时,相同的代码可以很好地构建并在设备上运行,但是商店中的版本似乎忽略了.plist修复程序。 How can I fix this? 我怎样才能解决这个问题? This makes no sense to me at all. 这对我完全没有意义。
2 个解决方案
解决方案1
0 2015-10-07 19:50:11
Try this version of configurations for info.plist : 尝试使用此版本的info.plist配置:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>www.example.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
EDIT: try specifying NSExceptionRequiresForwardSecrecy to NO as well. 编辑:尝试也将NSExceptionRequiresForwardSecrecy指定为NO 。
解决方案2
0 2015-10-07 20:09:48
Try add the following code to your info.plist 尝试将以下代码添加到您的info.plist
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads<key><true/>
</dict>
For more information see the link: apple forum 有关更多信息,请参见链接: 苹果论坛
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.