[El Capitan 한정] HTTPS인데 iOS9에서 오류가 발생했을 때의 구세주 명령과 대응례

7081 단어 XcodeATSiOS9iOS

ATS


TIPS: ATS유형적 방법의 문장에 대한 참고 가치
ATS가 유효한 경우 iOS9 이상의 터미널에서 HTTP 통신을 할 수 없음
또한 네트워크 서버 측의 설정이 Apple이 추천하는 조건을 충족시키지 못할 경우 HTTPS 통신이 iOS9에서도 오류가 발생할 수 있습니다
ATS 비활성화는 권장 사항이 아니므로 예외를 설정하려는 경우
하지만 예외를 하나하나 검증하는 것은 번거롭다

이때의 구세주 명령


WARNING: El Capitan 한정

명령


콘솔을 열고 다음 명령을 누르십시오

$ nscurl --ats-diagnostics https://www.*****.com

그리고 ATS 기능의 이상 설정에 대한 연결 테스트를 진행하여 다음과 같이 각 모드의 결과를 출력합니다
그중Result : PASS은 info이다.plist 반영
2016-01-06 19:50:28.848 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:28.849 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.101 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.101 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.115 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.116 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.131 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.132 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.145 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.145 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.160 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.175 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.191 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.191 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.206 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.207 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.222 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.222 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
2016-01-06 19:50:29.397 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.413 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.431 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.432 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9824)
2016-01-06 19:50:29.446 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.461 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9824)
2016-01-06 19:50:29.477 nscurl[36735:501451] CFNetwork SSLHandshake failed (-9801)
2016-01-06 19:50:29.478 nscurl[36735:501451] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9801)
Starting ATS Diagnostics

Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://www.*****.com.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
Use '--verbose' to view the ATS dictionaries used and to display the error received in URLSession:task:didCompleteWithError:.
================================================================================

Default ATS Secure Connection
---
ATS Default Connection
Result : FAIL
---

================================================================================

Allowing Arbitrary Loads

---
Allow All Loads
Result : PASS
---

================================================================================

Configuring TLS exceptions for www.*****.com

---
TLSv1.2
Result : FAIL
---

---
TLSv1.1
Result : FAIL
---

---
TLSv1.0
Result : FAIL
---

================================================================================

Configuring PFS exceptions for www.*****.com

---
Disabling Perfect Forward Secrecy
Result : FAIL
---

================================================================================

Configuring PFS exceptions and allowing insecure HTTP for www.*****.com

---
Disabling Perfect Forward Secrecy and Allowing Insecure HTTP
Result : FAIL
---

================================================================================

Configuring TLS exceptions with PFS disabled for www.*****.com

---
TLSv1.2 with PFS disabled
Result : FAIL
---

---
TLSv1.1 with PFS disabled
Result : FAIL
---

---
TLSv1.0 with PFS disabled
Result : PASS
---

================================================================================

Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for www.*****.com

---
TLSv1.2 with PFS disabled and insecure HTTP allowed
Result : FAIL
---

---
TLSv1.1 with PFS disabled and insecure HTTP allowed
Result : FAIL
---

---
TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
---

================================================================================

info.plist 반영


위의 예에서 PASS의 결과는 세 가지입니다.

결과ATS 비활성화

Allow All Loads
Result : PASS
추천하지 않기 때문에 거절하다

결과PSF 비활성화, TLSv1.0 예외로 설정

TLSv1.0 with PFS disabled
Result : PASS
NSExceptionDomains 에 다음 내용이 추가되었습니다.
<dict>
  <key>www.*****.com</key>
  <dict>
    <key>NSExceptionMinimumTLSVersion</key>
    <string>TLSv1.0</string>
    <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
    <false/>
  </dict>
</dict>

결과결과대응하는 것 외에 안전하지 않은 HTTP 통신도 허용

TLSv1.0 with PFS disabled and insecure HTTP allowed
Result : PASS
NSExceptionDomains 에 다음 내용이 추가되었습니다.
<dict>
  <key>www.*****.com</key>
  <dict>
    <key>NSExceptionMinimumTLSVersion</key>
    <string>TLSv1.0</string>
    <key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
    <false/>
    <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
    <true/>
  </dict>
</dict>
이번에는 여분의 예외를 설정하지 않아도 된다.가장 좋은 것으로 여겨진다!

총결산


HTTPS니까 안심!이렇게 생각하면 아파서 이번에 정리를 했어요.
누구한테 도움이 됐으면 좋겠어요.
이상
감사합니다

좋은 웹페이지 즐겨찾기