How to handle CFNetwork SSLHandshake failed in iOS
Normally when I get CFNetwork SSLHandshake failed -(*) Its because of my local wifi network (device is connected to network but not the internet)
Try it again on another network (3G is the quickest solution for me)
CFNetwork SSLHandshake failed iOS 9
iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app's Info.plist file.
The syntax for the Info.plist configuration looks like this:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>yourserver.com</key>
<dict>
<!--Include to allow subdomains-->
<key>NSIncludesSubdomains</key>
<true/>
<!--Include to allow insecure HTTP requests-->
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<!--Include to specify minimum TLS version-->
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.1</string>
</dict>
</dict>
</dict>
If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it like this:
<key>NSAppTransportSecurity</key>
<dict>
<!--Connect to anything (this is probably BAD)-->
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
If you're having to do this, it's probably best to update your servers to use TLSv1.2 and SSL, if they're not already doing so. This should be considered a temporary workaround.
As of today, the prerelease documentation makes no mention of any of these configuration options in any specific way. Once it does, I'll update the answer to link to the relevant documentation.
How to solve CFNetwork SSLHandshake failed (-9806)
Go through this link
Also try with different versions of TLS like below.
<key>NSTemporaryExceptionMinimumTLSVersion</key> <string>TLSv1.1</string>
Also check with this by adding to your app's Info.plist:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSExceptionDomains</key>
<dict>
<key>YOUR_HOST.COM</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSTemporaryExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSTemporaryExceptionMinimumTLSVersion</key>
<string>1.0</string>
<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
<false/>
</dict>
</dict>
</dict>
iOS 8.4 CFNetwork SSLHandshake failed (-9850)
-9850 appears in the SecureTransport.h header buried inside the iOS 9 SDK:
errSSLWeakPeerEphemeralDHKey = -9850, /* weak ephemeral dh key */
It sounds like Michal is on the right track. A more general search for this problem led me to http://www.chromium.org/administrators/err_ssl_weak_server_ephemeral_dh_key:
As of Chrome 45, this error message is triggered if the SSL/TLS handshake attempts to use a public key, smaller than 1024 bits, for ephemeral Diffie-Hellman key agreement.
I'm not saying that iOS 9 imposes exactly the same requirements as Chrome, but I'd start looking at the server configuration and if you can increase the key size it uses for the SSL handshake.
Related Topics
How to Get the Front Camera in Swift
Highlight Just the Text in a Uilabel
Why Is Allocating or Initializing Nsdateformatter Considered "Expensive"
Is It Ok to Place Most Logic and Models in the Appdelegate
Location Access - App Is Not Asking for User Permission to Access Location - iOS 11
Replace a Particular Color Inside an Image with Another Color
How to Read Plist Without Using Nsdictionary in Swift
How to Make Generics in Collection Type Constraint
How to Do Weak Linking in Swift
Typewriter Effect Text Animation
Invalid Image Path - No Image Found at the Path. Cfbundleicons Xcode 5
Intercepting Phone Call - iPhone (Correct Method to Hook in Coretelephony)
Nsgenericexception Reason Collection <Nsconcretemaptable: Xxx>
How to Set an Nscalendarunitminute Repeatinterval on iOS 10 Usernotifications