How to cancel a persistent connection using NSURLConnection?

转载 2013年12月05日 14:37:52


Is it possible to destroy a persistent connection that has been created with NSURLConnection? I need to be able to destroy the persistent connection and do another SSL handshake.

As it is now, calling [conn cancel] leaves a persistent connection behind that gets used with the next connection request to that host, which I don't want to happen.


As it turns out, I believe the Secure Transport TLS session cache is to blame.

I also asked the question on the apple developer forums, and got a response from an Apple person. He pointed me to this Apple sample code readme where it says:

At the bottom of the TLS stack on both iOS and Mac OS X is a component known as Secure Transport. Secure Transport maintains a per-process TLS session cache. When you connect via TLS, the cache stores information about the TLS negotiation so that subsequent connections can connect more quickly. The on-the-wire mechanism is described at the link below.

This presents some interesting gotchas, especially while you're debugging. For example, consider the following sequence:

  1. You use the Debug tab to set the TLS Server Validation to Disabled.

  2. You connect to a site with a self-signed identity. The connection succeeds because you've disabled TLS server trust validation. This adds an entry to the Secure Transport TLS session cache.

  3. You use the Debug tab to set the TLS Server Validation to Default.

  4. You immediately connect to the same site as you did in step 2. This should fail, because of the change in server trust validation policy, but it succeeds because you never receive an NSURLAuthenticationMethodServerTrust challenge. Under the covers, Secure Transport has resumed the TLS session, which means that the challenge never bubbles up to your level.

  5. On the other hand, if you delay for 11 minutes between steps 3 and 4, things work as expected (well, fail as expected :-). This is because Secure Transport's TLS session cache has a timeout of 10 minutes.

In the real world this isn't a huge problem, but it can be very confusing during debugging. There's no programmatic way to clear the Secure Transport TLS session cache but, as the cache is per-process, you can avoid this problem during debugging by simply quitting and relaunching your application. Remember that, starting with iOS 4, pressing the Home button does not necessarily quit your application. Instead, you should use quit the application from the recent applications list.

So, based on that, a user would have to either kill their app and restart it or wait more than 10 minutes before sending another request.

I did another google search with this new information and found this Apple technical Q&A article that matches this problem exactly. Near the bottom, it mentions adding a trailing '.' to domain names (and hopefully IP addresses) for requests in order to force a TLS session cache miss (if you can't modify the server in some way, which I can't), so I am going to try this and hopefully it will work. I will post my findings after I test it.

### EDIT ###

I tested adding a '.' to the end of the ip address, and the request was still completed successfully.

But I was thinking about the problem in general, and there's really no reason to force another SSL handshake. In my case, the solution to this problem is to keep a copy of the last known SecCertificateRef that was returned from the server. When making another request to the server, if a cached TLS session is used (connection:didReceiveAuthenticationChallenge: was not called), we know that the saved SecCertificateRef is still valid. If connection:didReceiveAuthenticationChallenge: is called, we can get the new SecCertificateRef at that time.


- (void)connection:(NSURLConnection *)connection didFailWithError:(NSError *)error NSURLConnection去加...
  • u012186949
  • u012186949
  • 2014年07月22日 19:19
  • 1752


1.发送同步请求(返回NSData数据)[NSURLConnection sendSynchronousRequest:request returningResponse:&response erro...
  • xiejunna
  • xiejunna
  • 2017年03月06日 14:56
  • 564

HTTP1.1 持久连接( Persistent Connections)

8.1持久连接( Persistent Connections)8.1.1目的在提出持久连接之前,每获取一个URL都有创建一个单独的TCP连接,不断的加重HTTP服务器的负担并导致网络的拥塞。使用内联...
  • xiaojianpitt
  • xiaojianpitt
  • 2009年07月27日 09:43
  • 6467


NSURLConnection提供对网络异步加载请求的支持,并且将获取的数据返回给代理。提供了简单的接口去创建和取消连接,同时使用delegate方法去支持连接过程的反馈和控制 。在实际开发中直接用的...
  • qianlima210210
  • qianlima210210
  • 2014年01月04日 16:11
  • 6797

HTTP长连接 Persistent Connections与Connection: Keep-Alive

参考: Persistent Connections: h...
  • yzpbright
  • yzpbright
  • 2016年05月03日 15:29
  • 450


1 NSURLConnection设置代理(1)两种为NSURLConnection设置代理方式的区别 //第一种设置方式: //通过该方法设置代理,会自动的发送请求 // [[...
  • azhang_coder
  • azhang_coder
  • 2016年11月18日 21:32
  • 662


connection:didReceiveResponse: Sent when the connection has received sufficient data to construct...
  • Koupoo
  • Koupoo
  • 2011年09月08日 16:02
  • 1297


  • qq232053394
  • qq232053394
  • 2014年06月16日 15:00
  • 907

OCiOS开发:NSURLConnection 网络请求

同步、异步请求简介 同步请求会在当前线程中执行网络请求操作,一般情况是在主线程执行。 主线程默认处理用户交互信息,若执行网络请求,则在请求完成之前用户无法与界面交互异步请求会新开辟一个线程,并在后台线...
  • Hierarch_Lee
  • Hierarch_Lee
  • 2015年08月20日 17:17
  • 2792

IPVS源代码分析-----persistent connection和fwmark

persistent connetion和fwmark主要用于处理多连接的应用。主要参考
  • a_jige
  • a_jige
  • 2014年02月28日 23:33
  • 2310
您举报文章:How to cancel a persistent connection using NSURLConnection?