"CFNetwork SSLHandshake failed (-9800)" with TLS 1.1 or 1.2
- Subject: "CFNetwork SSLHandshake failed (-9800)" with TLS 1.1 or 1.2
- From: Jens Alfke <email@hidden>
- Date: Fri, 10 Oct 2014 16:02:53 -0700
I have a bug report* in which several users of my client library say that, on iOS 8, it's unable to connect to an nginx server using TLS 1.1 or 1.2. The symptom is that a message "CFNetwork SSLHandshake failed (-9800)" is logged (presumably by CFNetwork itself; there's no such string in my code), and then my library returns the same error -9800, which is errSSLProtocol ("SSL protocol error").
Apparently this is a regression from iOS 7, although one user says there was a similar warning in iOS 7 but it didn't stop the connection from succeeding.
My code isn't calling SecureTransport directly; it calls CFReadStreamCreateForHTTPRequest to open the connection. I use the workaround recommended in TN2287** for a compatibility issue between iOS and "some non-compliant TLS server implementations [that] do not handle TLS 1.2", because a few years ago some users had run into that compatibility problem; I don't know if this is still an issue with current versions of iOS. Apparently this workaround stops SecureTransport from trying to use TLS 1.2. That doesn't explain the current bug, though.
Any ideas?
—Jens
* https://github.com/couchbase/couchbase-lite-ios/issues/482
** https://developer.apple.com/library/ios/technotes/tn2287/_index.html