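I am developing an iOS application that communicates with an HTTPS server that has a GoDaddy certificate installed (https://www.godaddy.com/web-security/ssl-certificate - the first option).
Here is the error log: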
CFNetwork SSLHandshake failed (-9801)
2016-03-21 16:58:37.853 [2451:2129735] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Optional(Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x13f5cb700 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFNetworkCFStreamSSLErrorOriginalValue=-9801, kCFStreamErrorDomainKey=3, kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://******.com:9001/api/terms/, NSErrorFailingURLStringKey=https://******.com:9001/api/terms/, kCFStreamErrorDomainKey=3})
Server error
2016-03-21 16:58:37.927 [2451:2129735] CFNetwork SSLHandshake failed (-9801)
2016-03-21 16:58:37.928 [2451:2129735] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
I tested the certificate with ssllabs, and the results are as follows:
Signature algorithm: SHA256withRSA
Key: RSA 2048 bits (e 65537)
Issuer: Go Daddy Secure Certificate Authority - G2
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 INSECURE Yes
SSL 2 No
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 112
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 2048 bits FS 112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS 112
TLS_RSA_WITH_RC4_128_SHA (0x5) INSECURE 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS 128
TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128
TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011) ECDH secp256r1 (eq. 3072 bits RSA) FS INSECURE 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) 128
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 2048 bits FS 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp256r1 (eq. 3072 bits RSA) FS 128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 2048 bits FS 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp256r1 (eq. 3072 bits RSA) FS 256
This applies to the iOS 9 handshake:
Protocol Details
Server Name Indication (SNI) Yes
Secure Renegotiation Yes
TLS compression No
Session tickets No
OCSP stapling Yes
Signature algorithms SHA384/RSA, SHA256/RSA, SHA1/RSA, SHA384/ECDSA, SHA256/ECDSA, SHA1/ECDSA
Elliptic curves secp256r1, secp384r1, secp521r1
Next Protocol Negotiation Yes
Application Layer Protocol Negotiation Yes h2 h2-16 h2-15 h2-14 spdy/3.1 spdy/3 http/1.1
SSL 2 handshake compatibility No
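Any suggestions on this? Thanks a lot!
Answer 0 (score: 0)
The problem is that the module I was using to run the SSL server (https://github.com/teddziuba/django-sslserver) was not actually working properly: it uses the certificate but revoked TLS 1.2.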
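A check for the condition the answer describes, as an added example that is not part of the original post: it attempts one handshake per protocol version against the exact host and port the app calls, then reports whether TLS 1.2 is really served there. The names `probe` and `diagnose` and the result format are assumptions made for this illustration.

```python
import socket
import ssl
import sys

# One pinned handshake per version; TLS 1.2 is the one the answer found missing.
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, version, timeout=5.0):
    """Try a handshake limited to one protocol version; return (ok, detail)."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.cipher()[0]  # negotiated cipher suite name
    except ssl.SSLCertVerificationError as exc:
        # The protocol version was accepted; only the certificate check failed.
        return False, "certificate rejected: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        # Caveat: a local OpenSSL policy can also refuse TLS 1.0/1.1 on its own.
        return False, type(exc).__name__ + ": " + str(exc)

def diagnose(results):
    """Summarise {label: (ok, detail)} with the focus on TLS 1.2."""
    ok12, detail = results.get("TLS 1.2", (False, "not probed"))
    if ok12:
        return "TLS 1.2 handshake works (" + detail + ")"
    if detail.startswith("certificate rejected"):
        return "TLS 1.2 is served but the chain fails validation: " + detail
    older = [label for label, (ok, _) in results.items() if ok]
    if older:
        return "endpoint only completes " + ", ".join(older) + "; TLS 1.2 is not served"
    return "no handshake completed: " + detail

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])  # the API host and port the app calls
    results = {label: probe(host, port, v) for label, v in VERSIONS.items()}
    for label, (ok, detail) in results.items():
        print(label, "OK" if ok else "FAIL", detail)
    print(diagnose(results))
```

Run it with the hostname and the port from the failing URL (9001 in the log above), since a scan of a different port on the same host can be answered by a different TLS stack.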