[El Capitan 한정] HTTPS인데 iOS9에서 오류가 발생했을 때의 구세주 명령과 대응례
ATS
TIPS: ATS유형적 방법의 문장에 대한 참고 가치
ATS가 유효한 경우 iOS9 이상의 터미널에서 HTTP 통신을 할 수 없음
또한 네트워크 서버 측의 설정이 Apple이 추천하는 조건을 충족시키지 못할 경우 HTTPS 통신이 iOS9에서도 오류가 발생할 수 있습니다
ATS 비활성화는 권장 사항이 아니므로 예외를 설정하려는 경우
하지만 예외를 하나하나 검증하는 것은 번거롭다
이때의 구세주 명령
WARNING: El Capitan 한정
명령
콘솔을 열고 다음 명령을 누르십시오
$ nscurl --ats-diagnostics https://www.*****.com
그리고 ATS 기능의 이상 설정에 대한 연결 테스트를 진행하여 다음과 같이 각 모드의 결과를 출력합니다
그중Result : PASS
은 info이다.plist 반영2016-01-06 19:50:28.848 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:28.849 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.101 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.101 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.115 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.116 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.131 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.132 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.145 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.145 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.160 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.175 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.191 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.191 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.206 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.207 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.222 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.222 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.397 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.413 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.431 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.432 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.446 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.461 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.477 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.478 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://www.*****.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
Use '--verbose' to view the ATS dictionaries used and to display the error received in URLSession:task:didCompleteWithError:.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
Result : FAIL
---
================================================================================
Allowing Arbitrary Loads
---
Allow All Loads
Result : PASS
---
================================================================================
Configuring TLS exceptions for www.*****.com
---
TLSv1.2
Result : FAIL
---
---
TLSv1.1
Result : FAIL
---
---
TLSv1.0
Result : FAIL
---
================================================================================
Configuring PFS exceptions for www.*****.com
---
Disabling Perfect Forward Secrecy
Result : FAIL
---
================================================================================
Configuring PFS exceptions and allowing insecure HTTP for www.*****.com
---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
Result : FAIL
---
================================================================================
Configuring TLS exceptions with PFS disabled for www.*****.com
---
TLSv1.2 with PFS disabled
Result : FAIL
---
---
TLSv1.1 with PFS disabled
Result : FAIL
---
---
TLSv1.0 with PFS disabled
Result : PASS
---
================================================================================
Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for www.*****.com
---
TLSv1.2 with PFS disabled and insecure HTTP allowed
Result : FAIL
---
---
TLSv1.1 with PFS disabled and insecure HTTP allowed
Result : FAIL
---
---
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
---
================================================================================
info.plist 반영
위의 예에서 PASS의 결과는 세 가지입니다.
결과ATS 비활성화
Allow All Loads
Result : PASS
추천하지 않기 때문에 거절하다
결과PSF 비활성화, TLSv1.0 예외로 설정
TLSv1.0 with PFS disabled
Result : PASS
NSExceptionDomains
에 다음 내용이 추가되었습니다.<dict>
<key>www.*****.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
결과결과대응하는 것 외에 안전하지 않은 HTTP 통신도 허용
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
NSExceptionDomains
에 다음 내용이 추가되었습니다.<dict>
<key>www.*****.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
이번에는 여분의 예외를 설정하지 않아도 된다.가장 좋은 것으로 여겨진다!
총결산
HTTPS니까 안심!이렇게 생각하면 아파서 이번에 정리를 했어요.
누구한테 도움이 됐으면 좋겠어요.
이상
감사합니다
Reference
이 문제에 관하여([El Capitan 한정] HTTPS인데 iOS9에서 오류가 발생했을 때의 구세주 명령과 대응례), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://qiita.com/mesummery/items/04a2bc3627de96eaa12b
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
WARNING: El Capitan 한정
명령
콘솔을 열고 다음 명령을 누르십시오
$ nscurl --ats-diagnostics https://www.*****.com
그리고 ATS 기능의 이상 설정에 대한 연결 테스트를 진행하여 다음과 같이 각 모드의 결과를 출력합니다그중
Result : PASS
은 info이다.plist 반영2016-01-06 19:50:28.848 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:28.849 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.101 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.101 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.115 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.116 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.131 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.132 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.145 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.145 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.160 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.175 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.191 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.191 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.206 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.207 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.222 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.222 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.397 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.413 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.431 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.432 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.446 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.461 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.477 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.478 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://www.*****.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
Use '--verbose' to view the ATS dictionaries used and to display the error received in URLSession:task:didCompleteWithError:.
================================================================================
Default ATS Secure Connection
---
ATS Default Connection
Result : FAIL
---
================================================================================
Allowing Arbitrary Loads
---
Allow All Loads
Result : PASS
---
================================================================================
Configuring TLS exceptions for www.*****.com
---
TLSv1.2
Result : FAIL
---
---
TLSv1.1
Result : FAIL
---
---
TLSv1.0
Result : FAIL
---
================================================================================
Configuring PFS exceptions for www.*****.com
---
Disabling Perfect Forward Secrecy
Result : FAIL
---
================================================================================
Configuring PFS exceptions and allowing insecure HTTP for www.*****.com
---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
Result : FAIL
---
================================================================================
Configuring TLS exceptions with PFS disabled for www.*****.com
---
TLSv1.2 with PFS disabled
Result : FAIL
---
---
TLSv1.1 with PFS disabled
Result : FAIL
---
---
TLSv1.0 with PFS disabled
Result : PASS
---
================================================================================
Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for www.*****.com
---
TLSv1.2 with PFS disabled and insecure HTTP allowed
Result : FAIL
---
---
TLSv1.1 with PFS disabled and insecure HTTP allowed
Result : FAIL
---
---
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
---
================================================================================
info.plist 반영
위의 예에서 PASS의 결과는 세 가지입니다.
결과ATS 비활성화
Allow All Loads
Result : PASS
추천하지 않기 때문에 거절하다결과PSF 비활성화, TLSv1.0 예외로 설정
TLSv1.0 with PFS disabled
Result : PASS
NSExceptionDomains
에 다음 내용이 추가되었습니다.<dict>
<key>www.*****.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
결과결과대응하는 것 외에 안전하지 않은 HTTP 통신도 허용
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
NSExceptionDomains
에 다음 내용이 추가되었습니다.<dict>
<key>www.*****.com</key>
<dict>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.0</string>
<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
</dict>
</dict>
이번에는 여분의 예외를 설정하지 않아도 된다.가장 좋은 것으로 여겨진다!총결산
HTTPS니까 안심!이렇게 생각하면 아파서 이번에 정리를 했어요.
누구한테 도움이 됐으면 좋겠어요.
이상
감사합니다
Reference
이 문제에 관하여([El Capitan 한정] HTTPS인데 iOS9에서 오류가 발생했을 때의 구세주 명령과 대응례), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다
https://qiita.com/mesummery/items/04a2bc3627de96eaa12b
텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념
(Collection and Share based on the CC Protocol.)
Reference
이 문제에 관하여([El Capitan 한정] HTTPS인데 iOS9에서 오류가 발생했을 때의 구세주 명령과 대응례), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/mesummery/items/04a2bc3627de96eaa12b텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)