[英]IOS application failing with communicating with HTTPS server with GoDaddy SSL certificate
I am developing iOS application that is communicating to the HTTPS server which has GoDaddy certificate installed ( https://www.godaddy.com/web-security/ssl-certificate - first option). 我正在开发与正在安装GoDaddy证书的HTTPS服务器通信的iOS应用程序( https://www.godaddy.com/web-security/ssl-certificate-第一个选项)。
This is the error log 这是错误日志
CFNetwork SSLHandshake failed (-9801)
2016-03-21 16:58:37.853 [2451:2129735] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Optional(Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x13f5cb700 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFNetworkCFStreamSSLErrorOriginalValue=-9801, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://******.com:9001/api/terms/, NSErrorFailingURLStringKey=https://******.com:9001/api/terms/, kCFStreamErrorDomainKey=3})
Server error
2016-03-21 16:58:37.927 [2451:2129735] CFNetwork SSLHandshake failed (-9801)
2016-03-21 16:58:37.928 [2451:2129735] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
I used ssllabs to test certificate and these are results: 我用ssllabs测试证书,结果如下:
Signature algorithm: SHA256withRSA
Key: RSA 2048 bits (e 65537)
Issuer: Go Daddy Secure Certificate Authority - G2
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 INSECURE Yes
SSL 2 No
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits FS 112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS 112
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) ECDH secp256r1 (eq. 3072 bits RSA) FS INSECURE 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
And this is specific for iOS9 handshake: 这是专门针对iOS9握手的:
Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets No
OCSP stapling Yes
Signature algorithms SHA384/RSA, SHA256/RSA, SHA1/RSA, SHA384/ECDSA, SHA256/ECDSA, SHA1/ECDSA
Elliptic curves secp256r1, secp384r1, secp521r1
Next Protocol Negotiation Yes
Application Layer Protocol Negotiation Yes h2 h2-16 h2-15 h2-14 spdy/3.1 spdy/3 http/1.1
SSL 2 handshake compatibility No
Any advice on this? 有什么建议吗? Thanks a lot!
非常感谢!
问题是,我用于运行ssl服务器( https://github.com/teddziuba/django-sslserver )的该模块实际上未正常工作,并且它使用证书但撤消了TLS1.2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.