
My Mac OS X app needs to access different servers in Brazil and one of the servers seems to have an SSLv3 issue. It seems that access through MS Windows solutions is normal. I tried using Internet Explorer and it works. This is an example of what Firefox shows me:

Firefox result

I have written a sample app at http://www.idanfe.com/trustAuthenticationTester.zip that demonstrates that the method - (void)connection:(NSURLConnection *)aConnection willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)aChallenge is not called at all when talking to the server https://nfe.sefaz.ce.gov.br/nfe2/services/NfeStatusServico2, but it works fine with the server https://nfe.sefazvirtual.rs.gov.br/ws/NfeStatusServico/NfeStatusServico2. The purpose is to customize the server trust evaluation. But at this point it is not possible.

These are the errors I get:

CFNetwork SSLHandshake failed (-9824)

CFNetwork SSLHandshake failed (-9802)

CFNetwork SSLHandshake failed (-9802)

NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Thanks.

fundidor

1 Answer


The latest version of OS X requires TLSv1.2 SSL on the host server and hence the SSL fails. You can set exceptions in your Info.plist file.

<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <key>BrazilServer.com</key>
    <dict>
      <key>NSIncludesSubdomains</key>
      <true/>
      <key>NSExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

Also, NSURLConnection is deprecated and you should switch to NSURLSession instead, as there are bugs with handling the exceptions in the Info.plist and NSURLConnection.

Should you want to get more info about the error, you can set the CFNETWORK_DIAGNOSTICS environment variable under the scheme settings to 1, and the log will produce more exact results of what is happening during the SSL handshake.

Conor
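An added example, not part of the answer above: a small Python audit that reads an Info.plist and reports every App Transport Security setting weaker than the ATS defaults, so an exception like the TLSv1.1 one shown stays visible in review. The function name `audit_ats` and the sample plist are constructed for illustration; the ATS key names are Apple's.

```python
import plistlib

# Values accepted by NSExceptionMinimumTLSVersion, ordered weakest to strongest.
TLS_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
ATS_DEFAULT_MIN = "TLSv1.2"

def audit_ats(plist_bytes):
    """Return (scope, finding) tuples for ATS settings weaker than the defaults."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads", False):
        findings.append(("*", "NSAllowsArbitraryLoads disables ATS for all domains"))
    for domain, exc in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (+subdomains)" if exc.get("NSIncludesSubdomains") else "")
        min_tls = exc.get("NSExceptionMinimumTLSVersion", ATS_DEFAULT_MIN)
        if min_tls not in TLS_ORDER:
            findings.append((scope, f"unrecognised minimum TLS value {min_tls!r}"))
        elif TLS_ORDER.index(min_tls) < TLS_ORDER.index(ATS_DEFAULT_MIN):
            findings.append((scope, f"minimum TLS lowered to {min_tls}"))
        if exc.get("NSExceptionAllowsInsecureHTTPLoads", False):
            findings.append((scope, "plain HTTP loads allowed"))
        if exc.get("NSExceptionRequiresForwardSecrecy", True) is False:
            findings.append((scope, "forward secrecy requirement disabled"))
    return findings

# Constructed sample: the exception from the answer wrapped in a minimal plist.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSExceptionDomains</key>
    <dict>
      <key>BrazilServer.com</key>
      <dict>
        <key>NSIncludesSubdomains</key>
        <true/>
        <key>NSExceptionMinimumTLSVersion</key>
        <string>TLSv1.1</string>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""

if __name__ == "__main__":
    for scope, finding in audit_ats(SAMPLE):
        print(f"{scope}: {finding}")
```

Run against a built app's Info.plist in CI, a non-empty result is a prompt to confirm the exception is still needed and scoped to the narrowest domain.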