iOS App Transport Security issue

Question

TL; DR:

I have an iOS app connecting to a webservice that does not meet the minimum requirements for the new ATS feature. I have modified my Info.plist to allow an exception so my app can still connect to the webservice. ( NSURLSession/NSURLConnection HTTP load failed on iOS 9 ) This works correctly in development, however, the update I just pushed to the store still fails to hit the webservice. I don't know where the disconnect is happening or how to fix this.

===

First off, this is all happening in an emulator, and the same behavior when I deploy directly to my ipad in xcode:

I am trying to connect to a webservice over https in my iOS app. I am now getting this error everytime I try to connect to the webservice:

NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

It is my understanding that this is happening because the new ATS feature is not allowing the connection. I have confirmed this by applying the fix ( NSURLSession/NSURLConnection HTTP load failed on iOS 9 ) to my Info.plist file:

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>mydomain.com</key>
    <dict>
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <key>NSIncludesSubdomains</key>
      <true/>
      </dict>
  </dict>
</dict>

Once I put that in, it connects to the webservice without issue.

Apparantly, while my server meets the TLS 1.2 requirement, and cipher requirement, it does not meet the signature requirement ( https://developer.apple.com/library/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35 )

However, I have made an update to my app and pushed to the app store, but the store version of my app is unable to connect to the web service. The very same code builds fine on my local machine and runs on my device when deployed to it from xcode, but the version in the store seems to be ignoring the .plist fix. How can I fix this? This makes no sense to me at all.

Answer 1

Try this version of configurations for info.plist :

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>www.example.com</key>
        <dict>
            <key>NSIncludesSubdomains</key>
            <true/>
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.1</string>
        </dict>
    </dict>
</dict>

EDIT: try specifying NSExceptionRequiresForwardSecrecy to NO as well.

Answer 2

Try add the following code to your info.plist

<key>NSAppTransportSecurity</key>  
     <dict>  
      <key>NSAllowsArbitraryLoads<key><true/>  
     </dict>  

For more information see the link: apple forum