This repository has been archived by the owner on Oct 28, 2022. It is now read-only.

An SSL error has occurred and a secure connection to the server cannot be made. error is seen in iOS 10 devices. #27

Closed
mnang opened this issue Sep 27, 2016 · 11 comments

Comments

@mnang
mnang commented Sep 27, 2016

We're using the GTMHTTPFetcher class in my project and it was working fine until iOS 9.3. After upgrading to iOS 10 we're seeing SSL connection issues and are unable to fetch the data.
Is there anything I need to change in the gtm-http-fetcher class to support iOS 10?
This is the error we're seeing:
An SSL error has occurred and a secure connection to the server cannot be made., _kCFStreamErrorDomainKey=3
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802).
We're using TLS1.0 on the server side with SHA-1 connection. I've added all the ATS exceptions to plist file but still no luck.
Any help would be appreciated.

@thomasvl
Member

Nothing immediately jumps to mind. Aside: depending on what your min version supported is, you might want to switch to https://github.com/google/gtm-session-fetcher (but that likely will be some more work than you want at the moment).

Apple has been cranking up the SSL requirements, so it could be that using the iOS 10 sdk is requiring you have more explicit info.plist keys also to go with things. So you might want to revisit Apple's release notes/docs about things like NSAppTransportSecurity.

@mnang
Author

mnang commented Sep 27, 2016

I'm using the new Xcode version 8.0 and the deployment target was set to 8.0 by default. I've changed it to 6.0. Is that what you mean by min version?
Here are my ATS settings:

NSAppTransportSecurity
NSAllowsArbitraryLoads
NSExceptionDomains
hostname
NSIncludesSubdomains
<true/>
NSTemporaryExceptionAllowsInsecureHTTPLoads
NSExceptionRequiresForwardSecrecy

Let me know if this is correct.

@mwyman
mwyman commented Sep 27, 2016

Apple really discourages TLS < v1.2. If you can't update your server, you may need to add ATS keys such as NSExceptionMinimumTLSVersion (see: https://developer.apple.com/library/content/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html)

@mnang
Author

mnang commented Sep 27, 2016

Thanks for the reply, but I've added the ATS to plist.
Please see the details below:

screen shot 2016-09-27 at 6 38 43 pm

Do I need to add any other details?

@thomasvl
Member

You mentioned TLS1.0 in the initial comment, but 1.1 in your last comment. If you are 1.0, then the 1.1 value likely isn't enough, right?

@mnang
Author

mnang commented Sep 27, 2016

I've added as 1.0, but still getting the same error:

NSErrorClientCertificateStateKey=0}, error Code -1200, error message An SSL error has occurred and a secure connection to the server cannot be made.

_kCFStreamErrorCodeKey=-9802}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made.

@thomasvl
Member

This issue being discussed here isn't about the Fetcher code, it is about your server and convincing the OS to allow you to talk to it. If your server is TLS1.0, then (as I read it) requesting an exception for 1.1 isn't going to work. You likely want to read up some of the linked docs and Apple's general iOS 10 notes about the added networking security they are doing/requiring.

@mnang
Author

mnang commented Sep 27, 2016

We've changed our QA servers to TLSv1.2 and here are my ATS settings. It still fails at the connection.
Am I forgetting any other settings?
screen shot 2016-09-28 at 9 59 11 am

Thanks for your help.

@thomasvl
Member

Closing this out since it looks like a site specific config and not something with the library itself.

@mansuu
mansuu commented Jan 28, 2019

I got a strange situation. My phone is running iOS version 12.1.2, but I got the error "An SSL error has occurred and a secure connection to the server cannot be made". What I did was update my plist file (added NSTemporaryExceptionMinimumTLSVersion TLSv1.0). The app ran fine, and then I removed the changes I made in info.plist. Now it's running fine. So I am not able to find the actual reason for this error. Any suggestions?

@mvalbuquerque

I have the same problem
Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."
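
The version check discussed in this thread (a server limited to TLS 1.0 still fails behind a TLSv1.1 exception), as an added example that is not part of the original thread or of the fetcher library. The host name and plist values are constructed, the function names are hypothetical, and the model covers only the minimum-TLS-version rule, not the certificate and cipher checks ATS also applies.

```python
import plistlib

# Constructed sample Info.plist; host name and values are illustrative only.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>NSAppTransportSecurity</key><dict>
  <key>NSAllowsArbitraryLoads</key><false/>
  <key>NSExceptionDomains</key><dict>
    <key>qa.example.com</key><dict>
      <key>NSIncludesSubdomains</key><true/>
      <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.1</string>
      <key>NSExceptionRequiresForwardSecrecy</key><false/>
    </dict>
  </dict>
</dict>
</dict></plist>"""

TLS_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def domain_policy(ats, host):
    """Return the NSExceptionDomains entry that applies to host, or None."""
    for name, cfg in ats.get("NSExceptionDomains", {}).items():
        if host == name or (cfg.get("NSIncludesSubdomains") and host.endswith("." + name)):
            return cfg
    return None

def min_tls(cfg):
    # Also accept the NSTemporary-prefixed spelling quoted in the thread.
    return (cfg.get("NSExceptionMinimumTLSVersion")
            or cfg.get("NSTemporaryExceptionMinimumTLSVersion")
            or "TLSv1.2")  # ATS default when no exception lowers it

def audit(plist_bytes, host, server_tls):
    """Return (allowed, findings) for a server whose best protocol is server_tls."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    cfg = domain_policy(ats, host)
    if cfg is None and ats.get("NSAllowsArbitraryLoads"):
        return True, ["ATS disabled for this host by NSAllowsArbitraryLoads"]
    cfg = cfg or {}
    required = min_tls(cfg)
    findings = []
    if required != "TLSv1.2":
        findings.append(f"minimum TLS lowered to {required}")
    if cfg.get("NSExceptionRequiresForwardSecrecy") is False:
        findings.append("forward secrecy not required")
    allowed = TLS_ORDER.index(server_tls) >= TLS_ORDER.index(required)
    if not allowed:
        findings.append(f"server offers {server_tls}, policy requires {required}")
    return allowed, findings

if __name__ == "__main__":
    print(audit(SAMPLE_PLIST, "qa.example.com", "TLSv1.0"))
```

The findings list doubles as a review aid: every entry other than a version mismatch marks a place where the app's transport policy is weaker than the ATS default.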
