Environment: Xcode 8, iOS 10. Operation: Sina Weibo third-party login
1. Error message
error = Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?
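(An SSL error occurred; a secure connection to the server could not be established.)
2. Solution found online
Adding the following to Info.plist is the fix suggested online, but it did not solve the problem: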
NSAppTransportSecurity
NSAllowsArbitraryLoads
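3. Troubleshooting process
3.1 Check whether the server passes ATS
Run nscurl --ats-diagnostics --verbose https://xxx.com against the URL that has the problem, then configure TLSv1.2 on the server side.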
✗ nscurl --ats-diagnostics --verbose https://api.xxx.com/oauth2/authorize\?client_id\=xxxxxx\&redirect_uri\=http://www.xxx.com/data/api/oauth/connect.php\?method\=weibo_callback\&response_type\=code\&state\=weibo_58247803463a94.25994144
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://api.weibo.com/oauth2/authorize?client_id=1681325651&redirect_uri=http://www.guojishitiao.com/data/api/oauth/connect.php?method=weibo_callback&response_type=code&state=weibo_58247803463a94.25994144.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{
}
2016-11-10 21:50:17.832 nscurl[37466:1493984] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Result : FAIL
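>> Configure TLSv1.2 in Nginx on the server side so that it supports ATS.
4. Additionally
*** With the release of iOS 10, the existing ATS settings run into HTTPS network access restrictions on iOS 10. ***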
sina.com.cn
NSIncludesSubdomains
NSThirdPartyExceptionAllowsInsecureHTTPLoads
NSExceptionMinimumTLSVersion
TLSv1.0
NSThirdPartyExceptionRequiresForwardSecrecy
Under the affected domain, add the NSExceptionMinimumTLSVersion key with its value set to TLSv1.0.
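To see what each of the ATS keys above actually relaxes, the following added example (not code from the original post) audits an Info.plist and lists every downgrade, app-wide or per domain. The sample plist is constructed: the key names are the ones on this page plus the standard NSExceptionDomains container, and the boolean values are assumptions because the page lists only the key names.

```python
import plistlib

# Constructed sample Info.plist: keys are those shown on this page; the
# boolean values are assumptions, since the page lists only the key names.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>sina.com.cn</key>
      <dict>
        <key>NSIncludesSubdomains</key><true/>
        <key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSExceptionMinimumTLSVersion</key><string>TLSv1.0</string>
        <key>NSThirdPartyExceptionRequiresForwardSecrecy</key><false/>
      </dict>
    </dict>
  </dict>
</dict>
</plist>"""

TLS_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def audit_ats(plist_bytes):
    """Return a list of (scope, finding) tuples for ATS relaxations."""
    ats = plistlib.loads(plist_bytes).get("NSAppTransportSecurity", {})
    findings = []
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append(("app-wide", "ATS disabled for all domains"))
    for domain, exc in sorted(ats.get("NSExceptionDomains", {}).items()):
        scope = domain + (" (+subdomains)" if exc.get("NSIncludesSubdomains") else "")
        # Both the first-party and the NSThirdParty* spellings of each key are checked.
        for prefix in ("NS", "NSThirdParty"):
            if exc.get(prefix + "ExceptionAllowsInsecureHTTPLoads") is True:
                findings.append((scope, "plain HTTP allowed"))
            if exc.get(prefix + "ExceptionRequiresForwardSecrecy") is False:
                findings.append((scope, "forward secrecy not required"))
            tls = exc.get(prefix + "ExceptionMinimumTLSVersion")
            if tls in TLS_ORDER and TLS_ORDER.index(tls) < TLS_ORDER.index("TLSv1.2"):
                findings.append((scope, "minimum TLS lowered to " + tls))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_ats(SAMPLE_PLIST):
        print(f"{scope}: {finding}")
```

Once the server side offers TLSv1.2, as section 3 concludes, these exceptions can be removed and the audit should return an empty list.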