cmp.is

Using nscurl to diagnose NSurl TLS errors

0 Comments

Using the nscurl tool to diagnose ATS Connection Issues
In OS X v10.11 and later, you can use the /usr/bin/nscurl tool to help diagnose connection issues due to App Transport Security.

The --ats-diagnostics option tries to connect with the specified URL using different combinations of values for the NSAllowsArbitraryLoads, NSExceptionMinimumTLSVersion, NSExceptionRequiresForwardSecrecy, and NSExceptionAllowsInsecureHTTPLoads keys shown in Table 3 (Apple iOS Docs). A summary of the results is printed to the command line.

The format for the command is:

/usr/bin/nscurl --ats-diagnostics [--verbose] URL
  • URL. The URL for the host. This is required.
  • verbose. Specifying this option includes more information for each connection attempt including the keys and associated values used.

I used this recently to figure out issues with my Camlistore instance. I had a combination of setting up my SSL incorrectly, issues with code configuration, and Camlistore’s server not apparently using TLS.

All is figured out now though.


Any issues or suggestions? Tell me on github.

0 Comments