I have a native iOS application which connects to the backend behind WebSEAL 6.1. This was originally written targeting iOS 7 and heavily uses NSURLConnection to communicate with the backend server.
This application was working fine until I upgraded my device to iOS 9. So I investigated what was causing the issue and found out that it was because of the App Transport Security introduced in iOS 9, which forces the application to connect to a backend with the TLS 1.2 connection protocol.
I spent hours searching for a solution for this issue and it always led me to the following solutions:
<key>NSAppTransportSecurity</key>
<dict>
    <key>NSExceptionDomains</key>
    <dict>
        <key>my-server-domain.com</key>
        <dict>
            <!--Include to allow subdomains-->
            <key>NSIncludesSubdomains</key>
            <true/>
            <!--Include to allow insecure HTTP requests-->
            <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
            <true/>
            <!--Include to specify minimum TLS version-->
            <key>NSTemporaryExceptionMinimumTLSVersion</key>
            <string>TLSv1.0</string>
        </dict>
    </dict>
</dict>
The above Info.plist addition did not solve the issue and returns CFNetwork SSLHandshake failed (-9824). So I searched for more answers and found out that there's another key that can be used, so I added the following to the plist: NSTemporaryExceptionRequiresForwardSecrecy, set to NO. The SSL error is still there, and this time the error code is CFNetwork SSLHandshake failed (-9801).
Another blog that I stumbled upon mentioned that the keys should not use temporary, as this was intended for the iOS 9 beta, so I changed the keys by removing the temporary: from NSTemporaryExceptionAllowsInsecureHTTPLoads to NSExceptionAllowsInsecureHTTPLoads, NSTemporaryExceptionMinimumTLSVersion to NSExceptionMinimumTLSVersion, and NSTemporaryExceptionRequiresForwardSecrecy to NSExceptionRequiresForwardSecrecy, but to no avail.
I have tried different combinations of the keys and values of the above-mentioned properties but the error is still the same.
Another solution that I found is to turn off iOS 9 strict transport checking.
<key>NSAppTransportSecurity</key>
<dict>
    <!--Include to allow all connections -->
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>
But this is also not working. Right now I am stuck with this issue and my application is not useable.
I know this can be fixed by fixing my backend to use TLS 1.2 for the transport, but this is not an option right now. The only acceptable option for now is to modify the client app.
I hope someone could point me to any missing configuration to make my application work. Thank you.