iOS:NSInputStream / NSOutputStream - CFNetwork SSLHandshake失敗(-9806)
[英]iOS : NSInputStream / NSOutputStream - CFNetwork SSLHandshake failed (-9806)
問題描述
我正在嘗試打開輸入/輸出流到安全服務器,但繼續獲取 CFNetwork SSLHandshake失敗(-9806)
我為異常域等設置了plist值
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>someserver.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSThirdPartyExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
</dict>
我也在plist中試過這個:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
這是我的代碼:
-(void)startStream{
NSString *urlStr = @"https://stream.someserver.com";
NSURL *website = [NSURL URLWithString:urlStr];
CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
CFStreamCreatePairWithSocketToHost(NULL, (CFStringRef)CFBridgingRetain([website host]), 443, &readStream, &writeStream);
NSInputStream *inputStream = (__bridge_transfer NSInputStream *)readStream;
NSOutputStream *outputStream = (__bridge_transfer NSOutputStream *)writeStream;
[inputStream setDelegate:self];
[outputStream setDelegate:self];
[inputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[outputStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
NSMutableDictionary *settings = [NSMutableDictionary dictionaryWithCapacity:1];
[settings setObject:(NSString *)NSStreamSocketSecurityLevelTLSv1 forKey:(NSString *)kCFStreamSSLLevel];
[settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLValidatesCertificateChain];
[settings setObject:@"stream.someserver.com" forKey:(NSString *)kCFStreamSSLPeerName];
CFWriteStreamSetProperty((CFWriteStreamRef)outputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
CFReadStreamSetProperty((CFReadStreamRef)inputStream, kCFStreamPropertySSLSettings, (CFTypeRef)settings);
[inputStream open];
[outputStream open];
}
在 CFNetwork SSLHandshake失敗(-9806)錯誤被拋出之前,流打開后有大約5秒的延遲 。
注意:安全服務器不是我的,我無法更改任何設置。 它是經過測試和建立的服務器,具有許多用戶流
3 個解決方案
解決方案1
1 2017-02-05 16:02:40
我不確定ssl連接握手中哪個階段失敗,但您可以嘗試將設置字典更改為以下內容:
NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredRoots,
[NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
//kCFNull,kCFStreamSSLPeerName,
kCFStreamSocketSecurityLevelSSLv3, kCFStreamSSLLevel,
[NSNumber numberWithBool:YES], kCFStreamPropertyShouldCloseNativeSocket,
nil];
如果成功,請刪除上面定義的每個“安全漏洞”。
解決方案2
1 2017-02-20 10:24:24
查看Apple文檔 ,您似乎使用了錯誤的密鑰。
例如
-
NSThirdPartyExceptionMinimumTLSVersion必須是NSExceptionMinimumTLSVersion -
NSTemporaryExceptionAllowsInsecureHTTPLoads必須是NSExceptionAllowsInsecureHTTPLoads - 和ecc ...
解決方案3
1 2017-02-21 13:47:06
在SSL設置中,將kCFStreamSSLValidatesCertificateChain為@NO以完全禁用服務器信任評估。
在委托實現中,首次獲取NSStreamEventHasSpaceAvailable或NSStreamEventHasBytesAvailable狀態時,從流中檢索kCFStreamPropertySSLPeerTrust屬性。
您應該獲得SecTrustRef ,您可以評估並獲取以下信息:
SecTrustRef trust = (SecTrustRef)[stream propertyForKey:kCFStreamPropertySSLPeerTrust];
SecTrustResultType trustResult;
OSStatus status = SecTrustEvaluate(trust, &trustResult);
if (status != errSecSuccess) {
NSLog(@"failed to evaluate");
} else {
OSStatus trustResultCode = SecTrustGetTrustResult(trust, &trustResult);
}
最終的trustResultCode應該為您提供信任評估失敗的具體原因。 根據具體原因,您可以修改SecTrustRef或創建一個全新的以獲得成功的評估。
Apple技術說明HTTPS服務器信任評估非常有用。
iOS Web視圖中的3d安全URL給出錯誤CFNetwork SSLHandshake失敗(-9806)?
[英]3d secure url in iOS web view give error CFNetwork SSLHandshake failed (-9806)?
CFNetwork SSLHandSke僅在3G / 4G上失敗(-9806)(不在Wifi上)
[英]CFNetwork SSLHandshake failed (-9806) only on 3G/4G (Not on Wifi)
如何在iOS中處理“ CFNetwork SSLHandshake失敗(-9807)”
[英]How to handle “CFNetwork SSLHandshake failed(-9807)” in iOS
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
CFNetwork SSLHandshake失敗(-9806)iOS 9.3
CFNetwork SSLHandshake失敗(-9806) - xcode
獲取CFNetwork SSLHandshake失敗(-9806)錯誤
如何解決“CFNetwork SSLHandshake失敗(-9806)”
CFNetwork SSLHandshake 失敗 iOS 9
iOS Web視圖中的3d安全URL給出錯誤CFNetwork SSLHandshake失敗(-9806)?
CFNetwork SSLHandSke僅在3G / 4G上失敗(-9806)(不在Wifi上)
CFNetwork SSLHandshake在iOS 8.1中失敗(-9805)
如何在iOS中處理“ CFNetwork SSLHandshake失敗(-9807)”
iOS 8.4 CFNetwork SSLHandshake失敗(-9850)
相關標簽