App Store API server (itunes.apple.com) does not support forward secrecy, blocked by App Transport Security

Originator:greg
Number:rdar://21677202 Date Originated:05-Jul-2015 02:26 PM
Status:Open Resolved:
Product:iOS SDK Product Version:Simulator 9.0 (605)
Classification:Other Bug Reproducible:Always
 
Summary:
The App Store API server, itunes.apple.com does not support forward secrecy and is blocked by App Transport Security.

Steps to Reproduce:
Make an NSURLRequest to https://itunes.apple.com

Expected Results:
Connection succeeds

Actual Results:
"An SSL error has occurred and a secure connection to the server cannot be made."
NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorCodeKey=-9824, NSErrorFailingURLStringKey=https://itunes.apple.com/lookup?at=XYZ&id=ABC
, _kCFStreamErrorDomainKey=3, NSUnderlyingError=0x7b4df280 "The operation couldn’t be completed. (kCFErrorDomainCFNetwork error -1200.)", NSErrorFailingURLKey=https://itunes.apple.com/lookup?at=XYZ&id=ABC

Regression:
Broken since Xcode 7b1

Notes:

Workaround

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>NSExceptionDomains</key>
	<dict>
		<key>itunes.apple.com</key>
		<dict>
			<key>NSIncludesSubdomains</key>
			<false/>
			<key>NSTemporaryExceptionRequiresForwardSecrecy</key>
			<false/>
		</dict>
	</dict>
</dict>
</plist>

Comments


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!