Home > 移动互联, 零敲碎打 > [iOS] iOS9.0 关闭系统强制使用HTTPS

[iOS] iOS9.0 关闭系统强制使用HTTPS

iOS9.0以后出于对请求安全的考虑默认将Foundation.framework中的HTTP请求协议更换为SSL/TLS,也就是说所有由程序发起的HTTP请求默认将请求HTTPS的内容,而且在HTTPS出现404时不会请求HTTP的内容,如果你的APP原来就使用HTTPS,基本问题不大,但是如果使用HTTP的话,就需要:
1.修改你的服务器配置,使它支持HTTPS访问
2.修改你的info.plist配置,让APP能访问普通的HTTP协议网站
否则调试程序时会在Log中出现以下提示:

1
2
3
App Transport Security has blocked a cleartext HTTP (http://) resource
 load since it is insecure. Temporary exceptions can be configured via
 your app's Info.plist file.

修改info.plist时,APPLE也提供了修改方法,在info.plist中增加以下内容即可

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
<key>NSAppTransportSecurity</key>
<dict>
  <key>NSExceptionDomains</key>
  <dict>
    <!--your domain-->
    <key>lidaren.com</key>
    <dict>
      <!--Include to allow subdomains-->
      <key>NSIncludesSubdomains</key>
      <true/>
      <!--Include to allow insecure HTTP requests-->
      <key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
      <true/>
      <!--Include to specify minimum TLS version-->
      <key>NSTemporaryExceptionMinimumTLSVersion</key>
      <string>TLSv1.1</string>
    </dict>
  </dict>
</dict>

如果你的app具有浏览器功能,可以这样改,就可以完全放开HTTP访问功能了

1
2
3
4
5
6
<key>NSAppTransportSecurity</key>
<dict>
    <!--Connect to anything (this is probably BAD)-->
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

最后附上原文链接
https://stackoverflow.com/questions/30720813/cfnetwork-sslhandshake-failed-ios-9

Categories: 移动互联, 零敲碎打 Tags: , ,
  1. 李大仁
    November 19th, 2015 at 16:52 | #1

    ajax test

  1. No trackbacks yet.