Intermittent SSL issue

Hi Team,

We are getting the error below when we try to connect to our REST APIs from our device. Our application is an enterprise application and it connects all backend calls via MobileIron Secure Tunnel (VPN). We do not encounter this error when we try to connect to the backend system from the Simulator on a VPN-connected machine. We are calling 13 APIs but we get the error below intermittently for different APIs, i.e. each time we face this issue for different APIs. We contacted our Helpdesk team to troubleshoot the error; they checked the MobileIron VPN firewall and there is no log

We configured the things below:

Allow Arbitrary Loads - True

<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.2</string>

We are using the Alamofire library to connect to the backend. We disabled all site validation and we configured minTLSVersion 1.2. Please find the code snippet below:

static let serverTrustPolicies:[String: ServerTrustEvaluating] = {
    var sites = [String]()
    sites.append("apis.xyz.com")

    return sites.reduce([String: ServerTrustEvaluating]()) { (dictionary, site) -> [String: Alamofire.ServerTrustEvaluating] in
        var dictionary = dictionary
        dictionary[site] = DisabledTrustEvaluator()
        return dictionary
    }
}()

static let manager: Session = {
    var serverTrustPolicies: [String: ServerTrustEvaluating] = NetworkClient.serverTrustPolicies
    let configuration = URLSessionConfiguration.default
    configuration.tlsMinimumSupportedProtocolVersion = .TLSv12
    return Alamofire.Session(configuration: configuration,
                             serverTrustManager: CustomTrustManager(evaluators: serverTrustPolicies))
}()

Deep in that error message you’ll see code -9816, which is errSSLClosedNoNotify. That suggests that the underlying TCP connection closed without the appropriate TLS handshake.

My experience is that intermittent errors like this are generally caused by circumstances on the network, or the server, rather than a programming problem at your end. In most cases the best thing for your app to do is retry.

If you really want to get to the bottom of what’s going on you need two things:

  • An RVI packet trace up to the point that you saw the error

  • A sysdiagnose log taken shortly after seeing the error

Ideally this would be on a device with the CFNetwork, Network Diagnostics, and VPN (Network Extension) debug profiles. See Bug Reporting > Profiles and Logs.

You can then see what happened on the ‘wire’ and correlate that with events within your app, CFNetwork, and the lower-level network infrastructure.

Setting this up, and then interpreting the logs, is a lot of work, and IME it’s very likely that it’ll get you right back to where I started with this response.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
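
The retry that the reply above recommends, sketched as an Alamofire 5 RequestInterceptor. This is an added example, not code from the thread: the class name, retry limit, backoff values and the list of methods treated as safe to repeat are assumptions, as is reading the stream code from the `_kCFStreamErrorCodeKey` userInfo entry.

```swift
import Foundation
import Alamofire

/// Added example: retries a request only when it failed with
/// errSSLClosedNoNotify (-9816), a bounded number of times, with backoff.
final class TLSCloseRetrier: RequestInterceptor {
    private static let closedNoNotify = -9816            // errSSLClosedNoNotify
    private static let streamCodeKey = "_kCFStreamErrorCodeKey" // assumed key name
    // Assumption: only these methods are safe to send twice on this backend.
    private let repeatable: Set<String> = ["GET", "HEAD", "PUT", "DELETE", "OPTIONS"]
    private let maxRetries: Int
    private let baseDelay: TimeInterval

    init(maxRetries: Int = 3, baseDelay: TimeInterval = 0.5) {
        self.maxRetries = maxRetries
        self.baseDelay = baseDelay
    }

    func retry(_ request: Request, for session: Session, dueTo error: Error,
               completion: @escaping (RetryResult) -> Void) {
        let method = request.request?.httpMethod ?? "GET"
        guard request.retryCount < maxRetries,
              repeatable.contains(method),
              Self.isClosedNoNotify(error) else {
            // Any other failure is surfaced to the caller unchanged.
            completion(.doNotRetry)
            return
        }
        // Exponential backoff: 0.5 s, 1 s, 2 s with the defaults.
        completion(.retryWithDelay(baseDelay * pow(2.0, Double(request.retryCount))))
    }

    /// Walks the chain of underlying errors looking for -9816, either as an
    /// OSStatus error or as the stream error code attached to a URL error.
    static func isClosedNoNotify(_ error: Error) -> Bool {
        var current: NSError? = (error.asAFError?.underlyingError ?? error) as NSError
        while let e = current {
            if e.domain == NSOSStatusErrorDomain, e.code == closedNoNotify { return true }
            if let code = e.userInfo[streamCodeKey] as? Int, code == closedNoNotify { return true }
            current = e.userInfo[NSUnderlyingErrorKey] as? NSError
        }
        return false
    }
}
```

An instance is passed as the `interceptor:` argument when the `Session` is created, so every request made through that session gets the same bounded retry.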
