On 7/16/2018 3:49 PM, Daniel Jalkut wrote:
Hi James - is the app in question compiled under an older SDK? In my experience the macOS networking stack will not opt-in apps compiled against older SDKs to TLS versions greater than 1.0. The app has to specifically configure a connection to use a higher TLS version.
Apps compiled against later SDKs (I don’t know the exact cutoff) get TLS 1.1, 1.2, etc. support “for free.”
As a matter of fact, I am usually building with the 10.8 SDK. So
maybe that would explain why SSL doesn't work on OS 10.9 and 10.10,
but why does it start working again in 10.11 and later?
I have a good-enough solution now: if the OS is less than 10.11, I
fall back to using an http URL. Maybe some day that will stop
working, but hopefully by then I won't be supporting those old OS
versions.
It’s a really frustrating limitation. The best solution is to compile against a later SDK, but I know all too well how inconvenient that can be. I suffered this for long enough with one of my apps that I built a “force TLS 1.2” type user default into my app’s preference. Why the preference? Because you can’t just configure every network request to use the later TLS, or it will fail when connecting to hosts that don’t support it :-\
Daniel
On Jul 16, 2018, at 5:46 PM, James Walker <email@hidden> wrote:
On 7/16/2018 2:31 PM, Quinn "The Eskimo!" wrote:
On 16 Jul 2018, at 22:04, James Walker <email@hidden> wrote:
I read somewhere that AppKit did not support anything past TLS 1.0 until macOS 10.9 …
If by “AppKit” you mean “Secure Transport and everything layered on top of it, including Foundation URL loading,” then yes, that’s correct.
Yeah, that's what I mean. Clearly, my knowledge of networking is somewhat rudimentary.
But in my testing, it actually fails in macOS 10.9 and 10.10 too.
There are lots of reasons why a download might fail like this. Even if you restrict yourself to TLS-related stuff, there’s still a bunch of possibilities. What error did you get?
NSURLErrorSecureConnectionFailed.
Logging the NSError produces:
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo=0x6080001bce00 {_kCFStreamErrorDomainKey=3, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9806, NSUnderlyingError=0x60800024f960 "An SSL error has occurred and a secure connection to the server cannot be made.", NSErrorPeerCertificateChainKey=(
), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz, NSErrorFailingURLStringKey=https://files.frameforge.com/webgrab/mac/ff4.0-mac-update-list.xml.wgz, NSErrorClientCertificateStateKey=0}