SSL Handshake failed 9801 - TCP Connection - Xcode 7

Time: 2015-08-12 06:39:39

Tags: ios ssl tcp xcode7

In an application built with Xcode 7 (beta), the TCP socket connection (NSStream) fails with the following error.

**CFNetwork SSLHandshake failed (-9801)**

**Stream Error -9801: The operation couldn’t be completed. (OSStatus error -9801.)**

In Info.plist, I have also included ATS with the relevant exceptions.

    <key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>XXdomain</key>
        <dict>
            <key>NSExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <key>NSExceptionRequiresForwardSecrecy</key>
            <false/>
        </dict>
    </dict>

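But in the delegate method below

    - (void)stream:(NSStream *)stream handleEvent:(NSStreamEvent)eventCode

I am getting the event code as 8, which means errorOccurred, with the above description.

The connection is established properly through OpenSSL:

    openssl s_client -showcerts -connect XXX:ZZZ -ssl3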

    CONNECTED(00000003)
    depth=3 /C=US/O=XXX, Inc./OU=XXXX
    verify error:num=19:self signed certificate in certificate chain
    verify return:0
    Certificate chain
     0 s:/C=US/ST=New York/L=New York/O=XXX/OU=XXX/CN=XXX
       i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4


     1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
       i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
     2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
       i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
     3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
       i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority

    Server certificate
    subject=/C=US/ST=New York/L=New York/O=XXXX/OU=XXXe/CN=XXX
    issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
    No client certificate CA names sent
    SSL handshake has read 4655 bytes and written 434 bytes
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : SSLv3
        Cipher    : AES256-SHA
        Session-ID: A159CA3FAFF5A23E7CE47C2C1DD21C91310A3820F5A5D1EDE38D451613CAE704
        Session-ID-ctx:
        Master-Key: XXXXX
        Key-Arg   : None
        Start Time: 1439320578
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)

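1 Answer:

Answer 0: (score: 0)

In iOS 9.0, the minimum supported version is TLS 1.0, and the server was supporting SSL 3.0. So I was getting the above error.

We can check ATS compatibility using the following command in OS X El Capitan:

    /usr/bin/nscurl --ats-diagnostics [URL]

Example:

    /usr/bin/nscurl --ats-diagnostics https://apple.com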
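
The check the answer describes can also be run against saved `openssl s_client` output. The following is an added example, not code from the question or the answer: it parses the `SSL-Session` block, compares the negotiated protocol with the TLS 1.0 minimum the answer states, and flags a cipher without forward secrecy (the property the `NSExceptionRequiresForwardSecrecy` key in the question relaxes). The function names and the embedded sample are assumptions made for illustration.

```python
import re

# Protocol names as printed by `openssl s_client`, oldest to newest.
PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample: the session fields from the output shown in the question.
SAMPLE_OUTPUT = """\
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Verify return code: 0 (ok)
"""

def parse_session(output):
    """Extract negotiated protocol, cipher and verify code from s_client output."""
    fields = {}
    for key, pattern in (
        ("protocol", r"^\s*Protocol\s*:\s*(\S+)"),
        ("cipher", r"^\s*Cipher\s*:\s*(\S+)"),
        ("verify_code", r"^\s*Verify return code:\s*(\d+)"),
    ):
        match = re.search(pattern, output, re.MULTILINE)
        fields[key] = match.group(1) if match else None
    return fields

def check_session(output, minimum="TLSv1"):
    """Return a list of findings; an empty list means no problem was detected."""
    session = parse_session(output)
    findings = []
    proto = session["protocol"]
    if proto not in PROTOCOL_ORDER:
        findings.append("negotiated protocol not found in output")
    elif PROTOCOL_ORDER.index(proto) < PROTOCOL_ORDER.index(minimum):
        findings.append(f"{proto} is below the client minimum {minimum}")
    cipher = session["cipher"] or ""
    # ECDHE-/DHE- key exchange gives forward secrecy; TLS 1.3 suites always do.
    if cipher and not cipher.startswith(("ECDHE-", "DHE-", "TLS_")):
        findings.append(f"{cipher} has no forward secrecy")
    if session["verify_code"] not in (None, "0"):
        findings.append(f"certificate verification failed (code {session['verify_code']})")
    return findings

if __name__ == "__main__":
    for finding in check_session(SAMPLE_OUTPUT):
        print("FAIL:", finding)
```
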