SSL Issues

Ryan Pangrle edited this page Feb 23, 2017 · 2 revisions

Common SSL Issues

Help, I'm seeing error -1200 "An SSL error has occurred and a secure connection to the server cannot be made."

This error comes from Apple's networking library. A full list of NSURL error codes can be found in NSURLError.h in the macOS and iOS SDKs. This specific error occurs when the server itself, or something between the client and the server that is intercepting the connection, presents an invalid certificate. The NSURLErrorFailingURLErrorKey entry in the userInfo dictionary of the error object tells you which server is failing the SSL check.
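One way to pull the failing server out of the error and compare it with the servers your authentication flow is expected to contact. This is an added example, not code from this library; `SSLFailureDiagnosis`, `diagnoseSSLFailure`, `expectedAuthHosts` and the `example.com`/`example.net` hosts are hypothetical names and placeholder values.

```swift
import Foundation

// Result of inspecting a failed request (hypothetical type for this example).
enum SSLFailureDiagnosis: Equatable {
    case notSSLError                   // not NSURLErrorDomain / -1200
    case expectedHostFailed(String)    // a server in the auth flow failed the SSL check
    case unexpectedHostFailed(String)  // a host outside the expected list failed the check
    case failingURLMissing             // -1200 with no usable failing URL in userInfo
}

// Assumption: hosts the authentication flow should contact (placeholder value).
let expectedAuthHosts: Set<String> = ["login.example.com"]

func diagnoseSSLFailure(_ error: Error,
                        expectedHosts: Set<String> = expectedAuthHosts) -> SSLFailureDiagnosis {
    let nsError = error as NSError
    guard nsError.domain == NSURLErrorDomain,
          nsError.code == NSURLErrorSecureConnectionFailed else {  // -1200
        return .notSSLError
    }
    // Prefer the URL object; fall back to the string form of the failing URL.
    let urlFromString = (nsError.userInfo[NSURLErrorFailingURLStringErrorKey] as? String)
        .flatMap { URL(string: $0) }
    let failingURL = (nsError.userInfo[NSURLErrorFailingURLErrorKey] as? URL) ?? urlFromString
    guard let host = failingURL?.host?.lowercased() else {
        return .failingURLMissing
    }
    return expectedHosts.contains(host) ? .expectedHostFailed(host)
                                        : .unexpectedHostFailed(host)
}

// Constructed sample errors, so the example runs without a network connection.
func sampleError(_ url: String) -> NSError {
    return NSError(domain: NSURLErrorDomain,
                   code: NSURLErrorSecureConnectionFailed,
                   userInfo: [NSURLErrorFailingURLErrorKey: URL(string: url)!])
}

for url in ["https://login.example.com/oauth2/authorize", "https://portal.example.net/"] {
    switch diagnoseSSLFailure(sampleError(url)) {
    case .expectedHostFailed(let host):
        print("\(host): expected server, evaluate its certificate")
    case .unexpectedHostFailed(let host):
        print("\(host): not in the expected list, identify this host first")
    case .failingURLMissing, .notSSLError:
        print("no failing URL to report")
    }
}
```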

Evaluating the Server's SSL Certificate

If the URL providing the invalid certificate is a server you expect to go to as part of the authentication flow, start by running that URL through an SSL validation service like the Qualys SSL Labs Analyzer. It will test the server against a wide array of scenarios and browsers and check for many known vulnerabilities.

Pay particular attention to the "Apple ATS/iOS 9" line under Handshake Simulation. By default, Apple's App Transport Security (ATS) feature applies more stringent security policies to SSL certificates in apps. Other OSes and web browsers have started enforcing some of these policies by default as well, so we recommend against disabling ATS: doing so merely delays when customers will start to experience issues while compromising their security.

Certificates using SHA-1 hashes are singled out in particular, as SHA-1 has known vulnerabilities, and as of February 14th, 2017 most web browsers do not allow certificates with SHA-1 hashes.

Captive Portals

In some cases, such as a captive portal that intercepts all internet traffic, errors are expected until the user connects through the portal. These errors indicate that the library is working correctly.