iOS10에서의 ATS.. 너무 힘들지만 TLS version을 건들여 보자..

<마음에 드는 버전이 없엉...ㅠㅠ 아몰랑!!!!!>

 webView:didFailLoadWithError:](410) error: Domain=NSURLErrorDomain Code=-1200 "SSL 오류가 발생했기 때문에 서버에 안전하게 연결할 수 없습니다." UserInfo={_kCFStreamErrorCodeKey=-9824, NSLocalizedRecoverySuggestion=서버에 연결하겠습니까?, NSUnderlyingError=0x610000249690 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "SSL 오류가 발생했기 때문에 서버에 안전하게 연결할 수 없습니다." UserInfo={NSErrorFailingURLStringKey=https://subsubdomain.subdomain.domain.com/form/responseView.cmd?formkey=MzIzYWRhM2EtZjM0OS00YWZlLWJjYTAtZjQ5ZjMwMTMwOTk1&sourceId=urlshare, NSLocalizedRecoverySuggestion=서버에 연결하겠습니까?, _kCFNetworkCFStreamSSLErrorOriginalValue=-9824, _kCFStreamPropertySSLClientCertificateState=0, NSLocalizedDescription=SSL 오류가 발생했기 때문에 서버에 안전하게 연결할 수 없습니다., _kCFStreamErrorDomainKey=3, NSErrorFailingURLKey=https://subsubdomain.subdomain.domain.com/form/responseView.cmd?formkey=MzIzYWRhM2EtZjM0OS00YWZlLWJjYTAtZjQ5ZjMwMTMwOTk1&sourceId=urlshare, _kCFStreamErrorCodeKey=-9824}}, NSLocalizedDescription=SSL 오류가 발생했기 때문에 서버에 안전하게 연결할 수 없습니다., NSErrorFailingURLKey=https://subsubdomain.subdomain.domain.com/form/responseView.cmd?formkey=MzIzYWRhM2EtZjM0OS00YWZlLWJjYTAtZjQ5ZjMwMTMwOTk1&sourceId=urlshare, NSErrorFailingURLStringKey=https://subsubdomain.subdomain.domain.com/form/responseView.cmd?formkey=MzIzYWRhM2EtZjM0OS00YWZlLWJjYTAtZjQ5ZjMwMTMwOTk1&sourceId=urlshare, _kCFStreamErrorDomainKey=3}

(에러로그 복붙한 뒤 도메인만 수정한 로그)

"an ssl error has occurred and a secure connection to the server cannot be made" 도 마찬가지!!

해결방법은

info.plist에서 

<key>NSExceptionMinimumTLSVersion</key>

<string>TLSv1.0</string>

를 추가해줌.

<key>NSAllowsArbitraryLoads</key>

<true/>만 해줘도 해결할 수 있기는 함..

_kCFStreamErrorCodeKey=-9824.

를 구글링하여보니 SSL handshake에서 발생한 오류라는 얘기가 있어 이것저것 해보다 minimum버전을 바꾸어 주니 해결이 되었음.

그런데, 왜 iOS9에서는 minimum버전을 바꾸지 않아도 웹뷰 로딩이 잘 되는가?

iOS10에서 ATS가 강화되어 https에 접속할 때, tls버전이 1.2이하면 아얘 접속이 안된다는데.. 이건 iOS9도 마찬가지 아닌가?

그리고 무엇보다 apple reference에서 본 내용이 아니고 한글로 누가 끄적여 놓은걸 본 터라 두터운 신뢰가 생기질 않는다.

결론은 나도 몰라....

http://stackoverflow.com/questions/39544547/i-have-ios-10-tsl-issue-security-error-9801-how-to-fix

http://stackoverflow.com/questions/30720813/cfnetwork-sslhandshake-failed-ios-9

http://lists.apple.com/archives/apple-cdsa/2015/Jul/msg00017.html (iOS8에선 되는데 iOS9에선 handshake가 fail해요)

https://swifter.kr/2016/06/17/ios10-atsapp-transport-security-2016%EB%85%84%EB%A7%90%EB%B6%80%ED%84%B0-%ED%95%84%EC%88%98-%EC%A1%B0%EA%B1%B4/ 

---

관련 Apple Ref

Security and Privacy Enhancements

iOS 10 introduces several changes and additions that help you improve the security of your code and maintain the privacy of user data. To learn more about these items, see https://developer.apple.com/security/.

• The new NSAllowsArbitraryLoadsInWebContent key for your Info.plist file gives you a convenient way to allow arbitrary web page loads to work while retaining ATS protections for the rest of your app. To learn more about this key, see NSAppTransportSecurity.

• The SecKey API includes improvements for asymmetric key generation. Use the SecKey API instead of the deprecated Common Data Security Architecture (CDSA) APIs.

• The RC4 symmetric cipher suite is now disabled by default for all SSL/TLS connections, and SSLv3 is no longer supported in the Secure Transports API. It’s recommended that you stop using the SHA-1 and 3DES cryptographic algorithms as soon as possible.

• The UIPasteboard class supports the Clipboard feature, which lets users copy and paste between devices, and includes API you can use to restrict a pasteboard to a specific device and set an expiration timestamp after which the pasteboard is cleared. Additionally, named pasteboards are no longer persistent—instead, you should use shared containers—and the “Find” pasteboard (that is, the pasteboard identified by the UIPasteboardNameFind constant) is unavailable.

• You must statically declare your app’s intended use of protected data classes by including the appropriate purpose string keys in your Info.plist file. For example, you must include the NSCalendarsUsageDescription key to access the user’s Calendar data. If you don’t include the relevant purpose string keys, your app exits when it tries to access the data.