0
私はcordovaのサポートでHybrid Mobileアプリケーションを作成しました。SSL証明書のアプリケーション転送セキュリティでのエラー
このプロジェクトでは、セキュリティのためのSSL証明書を持つhttpsサーバにアクセスしようとしています。
アプリをエミュレートすると、次の2つのエラーがXcode7.2で発生しています。
CFNetwork SSLHandshake failed (-9824)
NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
info.plistの次のキーは機能しませんでした。コルドバを用いたハイブリッドモバイルアプリからHTTPSにアクセスする方法
?
私はnscurl --ats-diagnostics --verbose https://XXX.XXXX.XXX
ANFを実行するには、以下の結果を得た、
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://netbanking.utkarsh.bank.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
2017-03-20 19:27:19.190 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.191 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf341b6f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
================================================================================
Allowing Arbitrary Loads
---
Allow All Loads
ATS Dictionary:
{
NSAllowsArbitraryLoads = true;
}
Result : PASS
---
================================================================================
Configuring TLS exceptions for netbanking.utkarsh.bank
---
TLSv1.2
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionMinimumTLSVersion = "TLSv1.2";
};
};
}
2017-03-20 19:27:19.612 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.612 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf360c3c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
---
TLSv1.1
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
};
};
}
2017-03-20 19:27:19.669 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.669 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3727cf0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
---
TLSv1.0
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionMinimumTLSVersion = "TLSv1.0";
};
};
}
2017-03-20 19:27:19.725 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9824)
2017-03-20 19:27:19.726 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf371abe0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
================================================================================
Configuring PFS exceptions for netbanking.utkarsh.bank
---
Disabling Perfect Forward Secrecy
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2017-03-20 19:27:19.784 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.785 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf354f3d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
================================================================================
Configuring PFS exceptions and allowing insecure HTTP for netbanking.utkarsh.bank
---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2017-03-20 19:27:19.843 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.908 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.962 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:19.962 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3488c30 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
================================================================================
Configuring TLS exceptions with PFS disabled for netbanking.utkarsh.bank
---
TLSv1.2 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionMinimumTLSVersion = "TLSv1.2";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2017-03-20 19:27:20.020 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.021 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3534c00 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
---
TLSv1.1 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionMinimumTLSVersion = "TLSv1.1";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : PASS
---
---
TLSv1.0 with PFS disabled
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionMinimumTLSVersion = "TLSv1.0";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : PASS
---
================================================================================
Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for netbanking.utkarsh.bank
---
TLSv1.2 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.2";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
2017-03-20 19:27:20.358 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.416 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.471 nscurl[16582:163070] CFNetwork SSLHandshake failed (-9801)
2017-03-20 19:27:20.471 nscurl[16582:163070] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9801, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, NSUnderlyingError=0x7fbdf3530fd0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9801, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9801}}, NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://netbanking.utkarsh.bank/, NSErrorFailingURLStringKey=https://netbanking.utkarsh.bank/, _kCFStreamErrorDomainKey=3}
---
---
TLSv1.1 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.1";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : PASS
---
---
TLSv1.0 with PFS disabled and insecure HTTP allowed
ATS Dictionary:
{
NSExceptionDomains = {
"netbanking.utkarsh.bank" = {
NSExceptionAllowsInsecureHTTPLoads = true;
NSExceptionMinimumTLSVersion = "TLSv1.0";
NSExceptionRequiresForwardSecrecy = false;
};
};
}
Result : PASS
---
================================================================================
Googleではなく、nscurl --ats-diagnostics - verbose https:// www.google.com'をあなたのドメインに試みましたか?また、どの暗号スイートがサーバーでサポートされていますか? – Mats
@Mats、あなたのリプレイをありがとう。私は端末でそのコメントを出し、問題の結果を投稿しました。 – sureshunivers