iOS應用程序無法通過GoDaddy SSL證書與HTTPS服務器通信

Question

我正在開發與正在安裝GoDaddy證書的HTTPS服務器通信的iOS應用程序（ https://www.godaddy.com/web-security/ssl-certificate-第一個選項）。

這是錯誤日志

    CFNetwork SSLHandshake failed (-9801)
2016-03-21 16:58:37.853 [2451:2129735] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Optional(Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x13f5cb700 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFNetworkCFStreamSSLErrorOriginalValue=-9801, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://******.com:9001/api/terms/, NSErrorFailingURLStringKey=https://******.com:9001/api/terms/, kCFStreamErrorDomainKey=3})
Server error
2016-03-21 16:58:37.927 [2451:2129735] CFNetwork SSLHandshake failed (-9801)
2016-03-21 16:58:37.928 [2451:2129735] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)

我用ssllabs測試證書，結果如下：

Signature algorithm: SHA256withRSA
Key: RSA 2048 bits (e 65537)
Issuer: Go Daddy Secure Certificate Authority - G2 
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3   INSECURE    Yes
SSL 2   No
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16)   DH 2048 bits   FS    112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   ECDH secp256r1 (eq. 3072 bits RSA)   FS  112
TLS_RSA_WITH_RC4_128_SHA (0x5)   INSECURE   128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   DH 2048 bits   FS 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)    128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45)   DH 2048 bits   FS    128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)    128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a)   DH 2048 bits   FS    128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   INSECURE    128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)  128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67)   DH 2048 bits   FS  128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)  128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e)   DH 2048 bits   FS  128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   DH 2048 bits   FS 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)    256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88)   DH 2048 bits   FS    256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   ECDH secp256r1 (eq. 3072 bits RSA)   FS   256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)  256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b)   DH 2048 bits   FS  256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)  256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f)   DH 2048 bits   FS  256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp256r1 (eq. 3072 bits RSA)   FS    256

這是專門針對iOS9握手的：

Protocol Details
Server Name Indication (SNI)    Yes
Secure Renegotiation    Yes
TLS compression No
Session tickets No
OCSP stapling   Yes
Signature algorithms    SHA384/RSA, SHA256/RSA, SHA1/RSA,   SHA384/ECDSA,   SHA256/ECDSA,   SHA1/ECDSA
Elliptic curves secp256r1,  secp384r1,  secp521r1
Next Protocol Negotiation   Yes
Application Layer Protocol Negotiation  Yes   h2 h2-16 h2-15 h2-14 spdy/3.1 spdy/3 http/1.1
SSL 2 handshake compatibility   No

有什么建議嗎？ 非常感謝！

Answer 1

問題是，我用於運行ssl服務器（ https://github.com/teddziuba/django-sslserver ）的該模塊實際上未正常工作，並且它使用證書但撤消了TLS1.2