Using API clients to Faspex on Mac OS X 10.11 El Capitan

Description

Mac OS X 10.11 El Capitan introduces several new heightened security measures, including Application Transport Security (ATS). This affects the use of API clients on El Capitan connecting to a Faspex server of version 3.9.2 or below. This occurs with version 3 or 4 of the Faspex API.

ATS enforces security best practices by preventing applications from making insecure connections. Specifically, ATS requires connections to be made through HTTPS and TLS 1.2.

As a consequence, clients on El Capitan made with Swift or Objective-C code will not be able to connect to Faspex, and errors will be thrown referring to SSL handshake and connection problems.

As an example, you may see the following error in your client SDK stack trace:

2015-11-09 16:11:18.243 FaspexObjCSample[23109:680832] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9802)

Environment

  • Server: Faspex 3.9.2 and below + Common 1.1.21 and below, using the Faspex API version 3 or 4
  • Client: API client in Swift or Objective-C
  • Client Operating System: Mac OS X 10.11 El Capitan

Solution

Faspex 3.9.3 and above supports enforcement of HTTPS and TLS 1.2 from clients, and therefore allows connections through the Faspex API (version 3 or 4) from all API clients on El Capitan. Therefore, in order to fix this issue you must upgrade your Faspex server to 3.9.3 or above.

If you cannot immediately upgrade to Faspex 3.9.3, you can workaround this issue by disabling ATS altogether, as described below. However, it is strongly recommended to upgrade Faspex so you can take advantage of the security benefits and continue to use your API clients as expected.

Workaround

Add the following content to your client’s Info.plist file to disable ATS:

<key>NSAppTransportSecurity</key>
<dict>
<!--Include to allow all connections (DANGER)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>    
Have more questions? Submit a request

0 Comments

Article is closed for comments.
Powered by Zendesk