site_archiver@lists.apple.com Delivered-To: macnetworkprog@lists.apple.com User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 Hi James - is the app in question compiled under an older SDK? In my experience the macOS networking stack will not opt-in apps compiled against older SDKs to TLS versions greater than 1.0. The app has to specifically configure a connection to use a higher TLS version. Apps compiled against later SDKs (I don’t know the exact cutoff) get TLS 1.1, 1.2, etc. support “for free.” It’s a really frustrating limitation. The best solution is to compile against a later SDK, but I know all too well how inconvenient that can be. I suffered this for long enough with one of my apps that I built a “force TLS 1.2” type user default into my app’s preference. Why the preference? Because you can’t just configure every network request to use the later TLS, or it will fail when connecting to hosts that don’t support it :-\ Daniel On Jul 16, 2018, at 5:46 PM, James Walker mailto:jamesw@frameforge3d.com wrote: On 7/16/2018 2:31 PM, Quinn "The Eskimo!" wrote: On 16 Jul 2018, at 22:04, James Walker mailto:jamesw@frameforge3d.com wrote: I read somewhere that AppKit did not support anything past TLS 1.0 until macOS 10.9 … If by “AppKit” you mean “Secure Transport and everything layered on top of it, including Foundation URL loading, then yes, that’s correct. Yeah, that's what I mean. Clearly, my knowledge of networking is somewhat rudimentary. But it my testing, it actually fails in macOS 10.9 and 10.10 too. There are lots of reasons why a download might fail like this. Even if you restrict yourself to TLS-related stuff, there’s still a bunch of possibilities. What error did you get? NSURLErrorSecureConnectionFailed. Logging the NSError produces: Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x6080001bce00 {_kCFStreamErrorDomainKey=3, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9806, NSUnderlyingError=0x60800024f960 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorPeerCertificateChainKey=( ), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz, NSErrorFailingURLStringKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz, NSErrorClientCertificateStateKey=0} _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (mailto:Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/jalkut%40red-sweater.... This email sent to mailto:jalkut@red-sweater.com _______________________________________________ Do not post admin requests to the list. They will be ignored. Macnetworkprog mailing list (Macnetworkprog@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/macnetworkprog/site_archiver%40lists... This email sent to site_archiver@lists.apple.com