Re: SSL and old macOS versions
Re: SSL and old macOS versions
- Subject: Re: SSL and old macOS versions
- From: Daniel Jalkut <email@hidden>
- Date: Mon, 16 Jul 2018 18:49:51 -0400
Hi James - is the app in question compiled under an older SDK? In my experience
the macOS networking stack will not opt-in apps compiled against older SDKs to
TLS versions greater than 1.0. The app has to specifically configure a
connection to use a higher TLS version.
Apps compiled against later SDKs (I don’t know the exact cutoff) get TLS 1.1,
1.2, etc. support “for free.”
It’s a really frustrating limitation. The best solution is to compile against a
later SDK, but I know all too well how inconvenient that can be. I suffered
this for long enough with one of my apps that I built a “force TLS 1.2” type
user default into my app’s preference. Why the preference? Because you can’t
just configure every network request to use the later TLS, or it will fail when
connecting to hosts that don’t support it :-\
Daniel
> On Jul 16, 2018, at 5:46 PM, James Walker <email@hidden> wrote:
>
> On 7/16/2018 2:31 PM, Quinn "The Eskimo!" wrote:
>> On 16 Jul 2018, at 22:04, James Walker <email@hidden>
>> wrote:
>>
>>
>>> I read somewhere that AppKit did not support anything past TLS 1.0 until
>>> macOS 10.9 …
>>>
>> If by “AppKit” you mean “Secure Transport and everything layered on top of
>> it, including Foundation URL loading, then yes, that’s correct.
>>
>
> Yeah, that's what I mean. Clearly, my knowledge of networking is somewhat
> rudimentary.
>
>>> But it my testing, it actually fails in macOS 10.9 and 10.10 too.
>>>
>>
>> There are lots of reasons why a download might fail like this. Even if you
>> restrict yourself to TLS-related stuff, there’s still a bunch of
>> possibilities. What error did you get?
>>
> NSURLErrorSecureConnectionFailed.
>
> Logging the NSError produces:
>
> Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a
> secure connection to the server cannot be made." UserInfo=0x6080001bce00
> {_kCFStreamErrorDomainKey=3, NSLocalizedRecoverySuggestion=Would you like to
> connect to the server anyway?, _kCFStreamErrorCodeKey=-9806,
> NSUnderlyingError=0x60800024f960 "An SSL error has occurred and a secure
> connection to the server cannot be made.", NSErrorPeerCertificateChainKey=(
> ), NSLocalizedDescription=An SSL error has occurred and a secure connection
> to the server cannot be made.,
> NSErrorFailingURLKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz,
>
> NSErrorFailingURLStringKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz,
> NSErrorClientCertificateStateKey=0}
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macnetworkprog mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden