RDC RDC - 1 year ago 91
iOS Question

iOS 9.3 : An SSL error has occurred and a secure connection to the server cannot be made

I am getting following error with self signed certificate

Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred
and a secure connection to the server cannot be made.

while testing web-services for one of my demo app with

Note: before assuming its Duplicate, I would request please read it all the way,even same i have reported to apple dev forums

Using Alamofire Library

func testAlamofireGETRequest() -> Void
Alamofire.request(.GET, "https://filename.hostname.net/HelloWeb/service/greeting/john")
{ response in
print("Response JSON: \(response.result.value)")

Using NSURLSession

func testNSURLSessionRequest() -> Void {

let session = NSURLSession.sharedSession()
let urlString = "https://filename.hostname.net/HelloWeb/service/greeting/john"
let url = NSURL(string: urlString)
let request = NSURLRequest(URL: url!)
let dataTask = session.dataTaskWithRequest(request) { (data:NSData?, response:NSURLResponse?, error:NSError?) -> Void in
print("done, error: \(error)")

//Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made.

I spent 2 days with no luck :(

there are bunch of questions already posted but nothing worked for me

posted Alamofire git issue

My Info.pist file is updated for ATS settings this way


Meanwhile I am able to get response for


and https://google.com

Can anyone please suggest me why I am not able to get this working after huge efforts?

Answer Source

I presume the server you are trying to connect has invalid certificates or doesn't match up with the iOS 9 standards for ECC, Ciphers etc.

  • If you’re using high-level networking APIs—NSURLSession, NSURLConnection, or anything layered on top of those—you don’t have direct control over the cypher suites offered by the client. Those APIs choose a set of cypher suites using their own internal logic.

  • If you’re using lower-level networking APIs—CFSocketStream, via its NSStream and CFStream APIs, and anything lower than that—you can explicitly choose the set of cypher suites you want to use. How you do this depends on the specific API.

The standard practice is:

  1. create the stream pair

  2. configure it for TLS

  3. get the Secure Transport context using the kCFStreamPropertySSLContext property

  4. configure specific properties in that context

  5. open the streams

You can see an example of this in the TLSTool sample code. Specifically, look at the TLSToolServer class, where you can see exactly this sequence.

In a very short context, you want to configure the stream in such a way that it bypasses the security, however, in the case of Alamofire you can do this directly by:

func bypassAuthentication() {
        let manager = Alamofire.Manager.sharedInstance
        manager.delegate.sessionDidReceiveChallenge = { session, challenge in
            var disposition: NSURLSessionAuthChallengeDisposition = .PerformDefaultHandling
            var credential: NSURLCredential?
            if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
                disposition = NSURLSessionAuthChallengeDisposition.UseCredential
                credential = NSURLCredential(forTrust: challenge.protectionSpace.serverTrust!)
            } else {
                if challenge.previousFailureCount > 0 {
                    disposition = .CancelAuthenticationChallenge
                } else {
                    credential = manager.session.configuration.URLCredentialStorage?.defaultCredentialForProtectionSpace(challenge.protectionSpace)
                    if credential != nil {
                        disposition = .UseCredential
            return (disposition, credential)

let me know if that helps. Thank you!

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download