Tag Archives: -9806)

[Solved] AFN NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)

1、 The encryption protocol is not unified

After IOS 9, the default encryption protocol is tlsv1.2. At present, some servers still use tlsv1.0. In this way, because the protocol is not unified, the application and server cannot establish a connection, and an error is reported: error domain = nsurlerrordomain code = – 1200

there are two solutions:

The first method: Modify from the application side

Right click plist file – > Open As -> Source code, add the following code:

        <key>domain</key>
  	<dict>
  		<key>NSIncludesSubdomains</key>
  		<true/>
  		<key>NSThirdPartyExceptionAllowsInsecureHTTPLoads</key>
  		<true/>
  		<key>NSExceptionMinimumTLSVersion</key>
  		<string>TLSv1.0</string>
  		<key>NSThirdPartyExceptionRequiresForwardSecrecy</key>
  		<false/>
  	</dict>

The second method: Modify from the server

Let the server change the encryption protocol from tlsv1.0 or tlsv1.1 to tlsv1.2

2、 The server uses the signature certificate

If the server uses a certificate that is not authenticated by a third party organization, it will report an error when using AFN to request data: nsurlsession/nsurlconnection HTTP load failed (kcfstreamerrordomainssl, – 9806)

Select one of the three certificates (such as. CRT or. PEM) on the server side and double-click to open it, which will be added to the keychain. Export the file with suffix. Cer from the keychain, and then drag it into the project. Open build phases – > Copy bunld resources checks whether the certificate has been bound. If you do not click the + sign to bind the certificate, add the security settings in the place where the data is requested

AFSecurityPolicy * securityPolicy  = [AFSecurityPolicypolicyWithPinningMode:AFSSLPinningModeCertificate];  
    securityPolicy.allowInvalidCertificates = YES;  
    securityPolicy.validatesDomainName = NO;  
    manager.securityPolicy = securityPolicy; 

When finished, run again