我尝试使用启用了SSL的NSStream连接到具有自定义协议的服务器。虽然我不断收到这些错误:
控制台:
CFNetwork SSLHandshake failed (-9850)
来自[stream streamError]的应用内部:
OSStatus error -9850.
确保服务器' SSL实现没有搞砸,我也尝试使用socat作为中介:
socat -d -d openssl-listen:1588,fork,cert=server.pem,verify=0 TCP4:localhost:1589
我禁用了证书链检查,以确保证书本身没有错误: CFDictionaryAddValue(sslDictionary,CFStreamSSLValidatesCertificateChain,kCFBooleanFalse);
我的最后一点是设置NSAppTransportSecurity设置,如下所示:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSExceptionDomains</key>
<dict>
<key>my.domain</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
</dict>
</dict>
</dict>
行为零变化。
答案 0 :(得分:0)
已从会话更新例外密钥的名称。有关新名称,请参阅App Transport Security Technote。
NSTemporaryExceptionAllowsInsecureHTTPLoads
-> NSExceptionAllowsInsecureHTTPLoads
NSTemporaryExceptionRequiresForwardSecrecy
-> NSExceptionRequiresForwardSecrecy
NSTemporaryExceptionMinimumTLSVersion
-> NSExceptionMinimumTLSVersion