site_archiver@lists.apple.com Delivered-To: macnetworkprog@lists.apple.com Dkim-signature: v=1; a=rsa-sha1; c=relaxed; d=red-sweater.com; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s= red-sweater.com; bh=omqcNfhAbyLfcbqLal7AjISMtaA=; b=Zjrn5LrGBAoD rmqLE1B+zJo3yHVS2d2ZXzK3d9UsHLz54NtiajUB4JNj/yTvhgjXtiI4bxdwkC1i aU0iMeJjRbHgjqaqtxqcabGuW9gDmBhFl4IqKNav+PtedviiT9aY/wKTPrwNALg8 g+ZHmFZsoD5l4BDLXRPk6jiOAoKJ1dc= Hi James - is the app in question compiled under an older SDK? In my experience the macOS networking stack will not opt-in apps compiled against older SDKs to TLS versions greater than 1.0. The app has to specifically configure a connection to use a higher TLS version. Apps compiled against later SDKs (I don’t know the exact cutoff) get TLS 1.1, 1.2, etc. support “for free.” It’s a really frustrating limitation. The best solution is to compile against a later SDK, but I know all too well how inconvenient that can be. I suffered this for long enough with one of my apps that I built a “force TLS 1.2” type user default into my app’s preference. Why the preference? Because you can’t just configure every network request to use the later TLS, or it will fail when connecting to hosts that don’t support it :-\ Daniel
On Jul 16, 2018, at 5:46 PM, James Walker <jamesw@frameforge3d.com> wrote:
On 7/16/2018 2:31 PM, Quinn "The Eskimo!" wrote:
On 16 Jul 2018, at 22:04, James Walker <jamesw@frameforge3d.com> wrote:
I read somewhere that AppKit did not support anything past TLS 1.0 until macOS 10.9 …
If by “AppKit” you mean “Secure Transport and everything layered on top of it, including Foundation URL loading, then yes, that’s correct.
Yeah, that's what I mean. Clearly, my knowledge of networking is somewhat rudimentary.
But it my testing, it actually fails in macOS 10.9 and 10.10 too.
There are lots of reasons why a download might fail like this. Even if you restrict yourself to TLS-related stuff, there’s still a bunch of possibilities. What error did you get?
NSURLErrorSecureConnectionFailed.
Logging the NSError produces:
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x6080001bce00 {_kCFStreamErrorDomainKey=3, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9806, NSUnderlyingError=0x60800024f960 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorPeerCertificateChainKey=( ), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz,
NSErrorFailingURLStringKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz, NSErrorClientCertificateStateKey=0}
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/jalkut%40red-sweater....
This email sent to jalkut@red-sweater.com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/site_archiver%40lists... This email sent to site_archiver@lists.apple.com