Stack Overflow
Stack Overflow

Questions tagged [app-transport-security]

App Transport Security is a feature that improves the security of connections between an app and web services. The feature consists of default connection requirements that conform to best practices for secure connections. Transport security is available on iOS 9.0 or later, and on OS X 10.11 El Capitan and later.

248 questions
1593
votes
29 answers

Transport security has blocked a cleartext HTTP

What setting do I need to put in my info.plist to enable HTTP mode as per the following error message? Transport security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your…
Jeef
  • 26,861
  • 21
  • 78
  • 156
468
votes
8 answers

How do I load an HTTP URL with App Transport Security enabled in iOS 9?

So, the new beta SDK of iOS released last night has "App Transport Security" which encourages developers to use https instead of http. In principle, this is a great idea, and I already use https in our staging/production environments. However, I…
Graeme Mathieson
  • 5,108
  • 3
  • 17
  • 9
307
votes
13 answers

How to use NSURLConnection to connect with SSL for an untrusted cert?

I have the following simple code to connect to a SSL webpage NSMutableURLRequest *urlRequest=[NSMutableURLRequest requestWithURL:url]; [ NSURLConnection sendSynchronousRequest: urlRequest returningResponse: nil error: &error ]; Except it gives an…
erotsppa
  • 14,248
  • 33
  • 123
  • 181
135
votes
14 answers

iOS9 getting error “an SSL error has occurred and a secure connection to the server cannot be made”

Since I upgraded my existing project with iOS 9, I keep getting the error : An SSL error has occurred and a secure connection to the server cannot be made.
Nanda
  • 1,437
  • 2
  • 11
  • 10
53
votes
5 answers

Export Compliance in iOS App Submission

I making a new app and want to submit to app store. But at the time of final submission there is check for Export Compliance. What should I Check Yes Or No. I use https url in my app. Please Help Me . Thanks In Advance.
saurabh_mishra_08
  • 691
  • 1
  • 7
  • 14
39
votes
2 answers

How can I figure out which URL is being blocked by App Transport Security?

I'm upgrading an iOS app to iOS 9, and I have some URLs that are not secure, and I need a few exceptions to App Transport Security. I've added the two that I know about, but there are some warnings happening now stating: App Transport Security has…
Micah Hainline
  • 14,367
  • 9
  • 52
  • 85
37
votes
9 answers

iOS 9 Facebook login simulator -canOpenURL: failed for URL: "fbauth2:///" - error: "(null)"

I've updated to Xcode 7 and the latest iOS SDK. I've added the appropriate entries in my app's plist: My app's Facebook login works fine on device. However, on iOS 9 simulator, I'm getting: -canOpenURL: failed for URL: "fbauth2:///" - error:…
Can Poyrazoğlu
  • 33,241
  • 48
  • 191
  • 389
34
votes
2 answers

Is it safe to add localhost to App Transport Security (ATS) NSExceptionDomains?

Is it safe, in terms of security, to add localhost to ATS NSExceptionDomains for development use? It's not very convenient (and it's easy to forget) to remove those lines from Info.plist file before every commit.
KlimczakM
  • 12,576
  • 11
  • 64
  • 83
23
votes
4 answers

iOS 9 ... Are WebView(s) exempt from the App Transport Security Exceptions (ATS) rules that block insecure HTTP hosts?

In iOS 9, Apple is blocking insecure HTTP connections for apps, unless specific hosts are whitelisted. http://ste.vn/2015/06/10/configuring-app-transport-security-ios-9-osx-10-11/ Are WebView(s) exempt from these rules for obvious reasons, or are we…
Ben Guild
  • 4,881
  • 7
  • 34
  • 60
23
votes
5 answers

kCFStreamErrorDomainSSL, -9802 when connecting to a server by IP address through HTTPS in iOS 9

We have an iOS app that connects to our server through HTTPS. When the app is built with the new iOS 9 SDK and ran under iOS 9, the following error occurs: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802) The app uses…
Ryan Fung
  • 302
  • 1
  • 2
  • 7
22
votes
3 answers

"This app is not allowed to query for scheme cydia" IOS9 error

I have an app where I hit a HTTP Request { request: { URL: http://XX.XX.XX.XXX/webService/dataService.svc/SearchLocation } } Now, whenever the above request is made I get the…
Rahul Singh
  • 1,219
  • 3
  • 13
  • 36
18
votes
3 answers

FireBase error -9806, SSL error -1200

I'm using the new FireBase SDK introduced at I/O 2016 and I'm getting this error after integrating with my app. This happens at app launch. 2016-08-06 06:28:06.237 MyApp[49084:2511094] CFNetwork SSLHandshake failed (-9806) 2016-08-06 06:28:06.238…
ArdenDev
  • 4,051
  • 5
  • 29
  • 50
18
votes
4 answers

Best way for verifying server compliance to Apple's ATS / TLS 1.2 requirement

So Apple requires TLS 1.2 with Forward Secrecy for URLs beginning iOS 9. Independent of the app, what's the best way to verify that a server meets all the requirements? nscurl just outright doesn't work - or I don't know how to use it. My output…
Hampden123
  • 1,248
  • 1
  • 14
  • 16
16
votes
1 answer

App TranSport security, allow arbitrary load not working after upgrade to IOS 10.1

I have an app that works fine in ios 9 and 10.0 (I have add the App Transport Security blocking with “Allow Arbitrary Loads = YES” to my info.plist. But after upgrade to 10.1 and Xcode 8.1 there seem to be a problem with the App Transport Security.…
Lê Khánh Vinh
  • 2,591
  • 5
  • 31
  • 77
12
votes
5 answers

Intermittent SSL errors from iOS app to AWS Elastic Beanstalk backend

My iOS app has had intermittent SSL errors when making HTTPS requests to the backend for several months. The error description: An SSL error has occurred and a secure connection to the server cannot be made. The console logs when in debug…
Jon Cox
  • 10,622
  • 22
  • 78
  • 123
1
2 3
16 17