Post marked as solved
Post marked as solved with 2 replies, 2,228 views
We've enabled ATS restrictions in our app, and everything works fine, except sometimes, randomly, the CDN download resource fails.
In most cases, it happens to users who on iOS 14.* and WiFI (VPN helps solve the problem :thinking_face:)
Logs:
(ExampleClientErrorLogServlet) :: Client error: {"arguments":["test_resource","Caught Error Domain%3DNSURLErrorDomain Code%3D-1200 \"An SSL error has occurred and a secure connection to the server cannot be made.\" UserInfo%3D{NSErrorFailingURLStringKey%3Dhttps://my-url/reource.bin, NSLocalizedRecoverySuggestion%3DWould you like to connect to the server anyway?, _kCFStreamErrorDomainKey%3D3, _NSURLErrorFailingURLSessionTaskErrorKey%3DLocalDownloadTask <A50DCF0E-38F3-4454-A78A-B4552336561E>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey%3D(\n \"LocalDownloadTask <A50DCF0E-38F3-4454-A78A-B4552336561E>.<1>\"\n), NSLocalizedDescription%3DAn SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey%3Dhttps://my-url/reource.bin, NSUnderlyingError%3D0x2882e1050 {Error Domain%3DkCFErrorDomainCFNetwork Code%3D-1200 \"(null)\" UserInfo%3D{_kCFStreamPropertySSLClientCertificateState%3D0, _kCFNetworkCFStreamSSLErrorOriginalValue%3D-9816, _kCFStreamErrorDomainKey%3D3, _kCFStreamErrorCodeKey%3D-9816, _NSURLErrorNWPathKey%3Dsatisfied (Path is satisfied), viable, interface: en0, ipv4, dns}}, _kCFStreamErrorCodeKey%3D-9816}"],"format":"Downloading {} file failed: {}","platform":"ios","version":"2.87.1"}
26.07.2022 01:39:55 [DEBUG][9] :: platform: ios, version: 2.87.1. Downloading test_resource file failed: Caught Error Domain%3DNSURLErrorDomain Code%3D-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo%3D{NSErrorFailingURLStringKey%3Dhttps://my-url/reource.bin, NSLocalizedRecoverySuggestion%3DWould you like to connect to the server anyway?, _kCFStreamErrorDomainKey%3D3, _NSURLErrorFailingURLSessionTaskErrorKey%3DLocalDownloadTask <A50DCF0E-38F3-4454-A78A-B4552336561E>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey%3D(
), NSLocalizedDescription%3DAn SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey%3Dhttps://my-url/reource.bin, NSUnderlyingError%3D0x2882e1050 {Error Domain%3DkCFErrorDomainCFNetwork Code%3D-1200 "(null)" UserInfo%3D{_kCFStreamPropertySSLClientCertificateState%3D0, _kCFNetworkCFStreamSSLErrorOriginalValue%3D-9816, _kCFStreamErrorDomainKey%3D3, _kCFStreamErrorCodeKey%3D-9816, _NSURLErrorNWPathKey%3Dsatisfied (Path is satisfied), viable, interface: en0, ipv4, dns}}, _kCFStreamErrorCodeKey%3D-9816}
_kCFNetworkCFStreamSSLErrorOriginalValue=-9816
_kCFStreamErrorDomainKey=3
_kCFStreamErrorCodeKey=-9816
We've tried nscurl --ats-diagnostics on the URL:
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https:/url-path.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
==============================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{}
Result : PASS
---
==============================================================
Allowing Arbitrary Loads
---
Allow All Loads
ATS Dictionary:
{
NSAllowsArbitraryLoads = true;
}
Result : PASS
---
================================================================================
Configuring TLS exceptions for url
---
TLSv1.3
ATS Dictionary:
{
NSExceptionDomains = {
"url" = {
NSExceptionMinimumTLSVersion = "TLSv1.3";
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=url, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <250D7C7A-A090-41F1-8FED-E73FCB511F41>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <250D7C7A-A090-41F1-8FED-E73FCB511F41>.<1>"
), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=url, NSUnderlyingError=0x6000021318f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: lo0}}, _kCFStreamErrorCodeKey=-9836}
---
======================================
nsurl --ats-diagnostic show me another error code -9836 and like I know TLSv1.3 not necessary yet
Maybe someone can give some suggestions, any help !! :pray:
Thx!