Alamofire联网REST呼叫抛出SSL错误(突然)

时间:2019-06-14 13:23:15

标签: ios swift security networking alamofire

已通读了许多SO问题,并尝试了一些可能的解决方案,但无济于事。在几个月的时间内,通过开发人员对REST API的简单Alamofire调用(https://api.usno.navy.mil/rstt/oneday?date=06/14/2019&coords=31.575,-81.19)就已经完美地进行了开发(应用尚未投入生产)。昨天开始抛出:

“发生SSL错误,无法建立到服务器的安全连接。”

已将以下内容添加到info.plist中:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSExceptionDomains</key>
        <dict>
            <key>api.usno.navy.mil</key>
            <dict>
                <key>NSAllowsArbitraryLoads</key>
                <false/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>

Alamofire调用非常简单(到目前为止,它一直完美地返回JSON:

Alamofire.request(url).responseJSON { response in...

SSL实验室为USNO网站授予“ C”等级。不支持TLS 1.2。我绝对不是网络专家。看过Alamofire Github站点中的一些雷达。不清楚我在哪里想念它。

这是失败的完整调试日志。

2019-06-14 09:03:28.369097-0400 Clima[3040:912561] [BoringSSL] boringssl_context_alert_callback_handler(3724) [C21.1:2][0x111bdcc10] Alert level: fatal, description: protocol version
2019-06-14 09:03:28.369183-0400 Clima[3040:912561] [BoringSSL] boringssl_context_error_print(3676) boringssl ctx 0x2835a8360: 4591481704:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/handshake_client.cc:557:
2019-06-14 09:03:28.369208-0400 Clima[3040:912561] [BoringSSL] boringssl_context_get_error_code(3581) [C21.1:2][0x111bdcc10] SSL_AD_PROTOCOL_VERSION
2019-06-14 09:03:28.370835-0400 Clima[3040:912561] TIC TCP Conn Failed [21:0x280249680]: 3:-9836 Err(-9836)
2019-06-14 09:03:28.452934-0400 Clima[3040:912561] [BoringSSL] boringssl_context_alert_callback_handler(3724) [C22.1:2][0x111bbd280] Alert level: fatal, description: protocol version
2019-06-14 09:03:28.453033-0400 Clima[3040:912561] [BoringSSL] boringssl_context_error_print(3676) boringssl ctx 0x2835a80b0: 4591481704:error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL:/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/handshake_client.cc:557:
2019-06-14 09:03:28.453066-0400 Clima[3040:912561] [BoringSSL] boringssl_context_get_error_code(3581) [C22.1:2][0x111bbd280] SSL_AD_PROTOCOL_VERSION
2019-06-14 09:03:28.454644-0400 Clima[3040:912561] TIC TCP Conn Failed [22:0x280248900]: 3:-9836 Err(-9836)
2019-06-14 09:03:28.490311-0400 Clima[3040:912561] [BoringSSL] boringssl_session_errorlog(224) [C23.1:2][0x111bbbe00] [boringssl_session_handshake_incomplete] SSL_ERROR_SSL(1): operation failed within the library
2019-06-14 09:03:28.490403-0400 Clima[3040:912561] [BoringSSL] boringssl_session_handshake_error_print(205) [C23.1:2][0x111bbbe00] 4591481704:error:10000118:SSL routines:OPENSSL_internal:reason(280):/BuildRoot/Library/Caches/com.apple.xbs/Sources/boringssl/boringssl-109.250.2/ssl/ssl_versions.cc:258:
2019-06-14 09:03:28.490442-0400 Clima[3040:912561] [BoringSSL] nw_protocol_boringssl_handshake_negotiate_proceed(480) [C23.1:2][0x111bbbe00] Handshake failed. Disconnecting the session
2019-06-14 09:03:28.492968-0400 Clima[3040:912561] TIC TCP Conn Failed [23:0x28022a340]: 3:-9858 Err(-9858)
2019-06-14 09:03:28.494013-0400 Clima[3040:912561] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9858)
2019-06-14 09:03:28.494069-0400 Clima[3040:912561] Task <73E19CEE-005F-4B0A-A79E-7D4B15A5A521>.<6> HTTP load failed (error code: -1200 [3:-9858])
2019-06-14 09:03:28.494773-0400 Clima[3040:912561] Task <73E19CEE-005F-4B0A-A79E-7D4B15A5A521>.<6> finished with error - code: -1200
2019-06-14 09:03:28.496257-0400 Clima[3040:912188] Task <73E19CEE-005F-4B0A-A79E-7D4B15A5A521>.<6> load failed with error Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=https://api.usno.navy.mil/rstt/oneday?date=06/14/2019&coords=31.575,-81.19, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <73E19CEE-005F-4B0A-A79E-7D4B15A5A521>.<6>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
    "LocalDataTask <73E19CEE-005F-4B0A-A79E-7D4B15A5A521>.<6>"
), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://api.usno.navy.mil/rstt/oneday?date=06/14/2019&coords=31.575,-81.19, NSUnderlyingError=0x28380d9e0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9858, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9858}}, _kCFStreamErrorCodeKey=-9858} [-1200]

任何解决方案,帮助或见解都将受到高度赞赏。很想了解为什么以及为什么。

1 个答案:

答案 0 :(得分:0)

回答我自己的问题。我确定这不是此问题所有实例的答案。目前,USNO站点仅最多支持TLS 1.1,因此在info.plist中的此项解决了当前的问题。

<key>NSThirdPartyExceptionMinimumTLSVersion</key> 
<string>TLSv1.1</string>

该条目位于域字典的<key>NSExceptionDomains</key>

暂时解决。

相关问题
最新问题