ios - 为什么无法访问？

Question

我想在iOS模拟器上访问公司内部的https页面。 该页面可以通过 safari 访问。 但WKWebView无法访问。 程序报如下错误。

An SSL error has occurred and a secure connection to the server cannot be made.

TLS 版本为 TLSv1.2。

如果我设置 NSAllowsArbitraryLoads，我就可以访问。 但我认为这种方式不好。

我的代码如下。

//
//  ViewController.swift
//  TestClient
//
//  Created by 平塚 俊輔 on 2015/12/07.
//  Copyright © 2015年 平塚 俊輔. All rights reserved.
//

//1.WebKit Frameworkをimportする
import WebKit

class ViewController: UIViewController, WKNavigationDelegate {

    //2.WKWebviewの宣言！
    var _webkitview: WKWebView?

    override func viewDidLoad() {
        super.viewDidLoad()
        // Do any additional setup after loading the view, typically from a nib.

        //3.WebKitのインスタンス作成!
        self._webkitview = WKWebView()

        //4.ここでWebKitをviewに紐付け
        self.view = self._webkitview!
        self._webkitview!.navigationDelegate = self
        //5.URL作って、表示させる！
        var url = NSURL(string:"https:/******")
        var req = NSURLRequest(URL:url!)
        self._webkitview!.loadRequest(req)
    }

    // MARK: WKNavigationDelegate
    func webView(webView: WKWebView, didStartProvisionalNavigation navigation: WKNavigation!) {
        NSLog("Start")
    }

    func webView(webView: WKWebView!, didFailNavigation navigation: WKNavigation!, withError error: NSError!) {
        NSLog("Failed Navigation %@", error.localizedDescription)
    }

    func webView(webView: WKWebView!, didFinishNavigation navigation: WKNavigation!) {
        // Finish navigation
        NSLog("Finish Navigation")
        NSLog("Title:%@ URL:%@", webView.title!, webView.URL!)

        // Run Javascript(For local)
//        webView.evaluateJavaScript("var el=document.getElementById('user');el.style.backgroundColor='yellow';", nil)
    }

    func webView(webView: WKWebView, didFailProvisionalNavigation navigation: WKNavigation!, withError error: NSError) {
        print(error)
    }

    override func didReceiveMemoryWarning() {
        super.didReceiveMemoryWarning()
        // Dispose of any resources that can be recreated.
    }
}

这是什么问题？

顺便说一句，我可以在真实设备上访问。 我无法仅在模拟器上访问。

Answer 1

应用程序传输安全涉及的不仅仅是 HTTPS (TLS)。它还涉及可能允许也可能不允许的特定类型的密码和证书。

您可以在这里找到详细信息:

https://developer.apple.com/library/prerelease/ios/documentation/General/Reference/InfoPlistKeyReference/Articles/CocoaKeys.html#//apple_ref/doc/uid/TP40009251-SW35

Requirements for Connecting Using ATS

The requirements for a web service connection to use App Transport Security (ATS) involve the server, connection ciphers, and certificates, as follows:

• Certificates must be signed with one of the following types of keys:
  • Secure Hash Algorithm 2 (SHA-2) key with a digest length of at least 256 (that is, SHA-256 or greater)
  • Elliptic-Curve Cryptography (ECC) key with a size of at least 256 bits
  • Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits

An invalid certificate results in a hard failure and no connection.

• The following connection ciphers support forward secrecy (FS) and work with ATS:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

“好的”选项是重新配置您的服务器以使用适当的密码和证书。否则，您可以全局或更精细地禁用所有站点或仅针对特定域和/或子域的检查。异常(exception)情况越“严格”越好。